www.huntress.com Open in urlscan Pro
34.249.200.254  Public Scan

13 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1717414343028%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fblog%252Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&cookiesTest=true&liSync=true&e_ipv6=AQImtk474pDkkQAAAY_d3zUtv1viSW9k2zBlFsV5JP2tq2mL0_ZO5lw6xHPXNT2l

Request Chain 125

• https://c.clarity.ms/c.gif HTTP 302
• https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=16388F2E8B294540B0B0703E98DB93AB&RedC=c.clarity.ms&MXFR=27F7AF82C940679F23E8BB11CD4069A5 HTTP 302
• https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=16388F2E8B294540B0B0703E98DB93AB&MUID=182B544953F067651EC340DA525C6657

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Show response www.huntress.com/blog/	126 KB 31 KB	317ms 104ms	Document text/html	34.249.200.254 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.249.200.254 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-249-200-254.eu-west-1.compute.amazonaws.com Software / Resource Hash 04f1f4c1d2b1f602b9a7fd17653db31fc368633864a5dc222beed9fa5da65d08 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes age 322886 content-encoding gzip content-length 30949 content-security-policy frame-ancestors 'self' content-type text/html date Mon, 03 Jun 2024 11:32:21 GMT referrer-policy origin vary Accept-Encoding,x-wf-forwarded-proto x-cache HIT, HIT x-cache-hits 4, 0 x-cluster-name eu-west-1-prod-hosting-red x-content-type-options nosniff x-frame-options SAMEORIGIN x-lambda-id 2aafc20c-46b2-4222-9a56-0375eefcad62 x-served-by cache-iad-kjyo7100029-IAD, cache-dub4347-DUB x-timer S1717414341.056134,VS0,VE2 x-xss-protection 1; mode=block
GET H3	200	huntress-new.8263712c8.min.css cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/	411 KB 67 KB	205ms 141ms	Stylesheet text/css	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 482dec24ae47ce18bcc7a2a7ee1d51ef834be73b1c92bfe5242fb8e2e55485db Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT content-encoding gzip x-amz-version-id NganLIkOYk3l4eCWiZLXFBiqKZm_dumQ cf-cache-status HIT x-amz-request-id E8JV87RCNGCJERGC age 68977 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 68164 x-amz-id-2 gae0F+CJfpZWC+runYnXpVyc42afmZWh/1vKhJzFuAEVp7sQOgvixWF0kjQPkPb6oySyMV5oLo0= last-modified Thu, 30 May 2024 17:43:50 GMT server cloudflare etag "945c920b60ace7747c52e72bbba43ecc" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb09f8e6537-LHR expires Tue, 04 Jun 2024 11:02:21 GMT
GET H3	200	api.js Show response www.google.com/recaptcha/	1 KB 943 B	178ms 63ms	Script text/javascript	172.217.16.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.16.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS zrh04s06-in-f132.1e100.net Software GSE / Resource Hash cba9cb9557a1f779ed0dd0911cb3bdbf141c348de448abbd2c9d835af0e114d5 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Mon, 03 Jun 2024 11:32:21 GMT
GET H2	200	8769192b-20ba-4df2-8d62-2740a805c3e8.js Show response j.6sc.co/j/	1002 B 1 KB	826ms 601ms	Script application/javascript	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash f143cdd47f943dca511fec190f6f8dc72123af1a03b0acc0b85006d3827469db Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id o9ChablSSl2gd.7kIpRQzAV8W8L4w9AI date Mon, 03 Jun 2024 11:32:21 GMT x-amz-cf-pop PRG50-C1 x-amz-server-side-encryption AES256 x-amz-meta-content-type application/json content-length 1002 pragma no-cache last-modified Wed, 08 May 2024 20:22:17 GMT server AmazonS3 etag "924fd1c8fe1063b3e4acf99764018260" vary Accept-Encoding content-type application/javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes x-amz-cf-id UbfphoFbQUsdmHdyGotQClsQDbC-_LvJgetT7MCdm8zy83MrJGQcOg== expires Mon, 03 Jun 2024 11:32:21 GMT
GET H2	200	marketing.js Show response js.na.chilipiper.com/	73 KB 25 KB	307ms 166ms	Script application/javascript	34.111.224.162 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://js.na.chilipiper.com/marketing.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.224.162 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 162.224.111.34.bc.googleusercontent.com Software / Resource Hash 02c65a6d1cdc752f31b0be2157d9c6f65e72c7f3e781eea941bd848caf8a332e Security Headers Name Value Content-Security-Policy default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com https://*.logr-ingest.com https://*.posthog.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline'; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Security-Policy default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com https://*.logr-ingest.com https://*.posthog.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline'; X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:31:29 GMT content-encoding gzip via 1.1 google x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload age 53 content-security-policy default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com https://*.logr-ingest.com https://*.posthog.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline'; alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 22403 x-xss-protection 1; mode=block referrer-policy origin-when-cross-origin last-modified Mon, 20 May 2024 07:11:53 GMT etag W/"664af7b9-122e0" vary Accept-Encoding content-type application/javascript cache-control public, max-age=0, s-maxage=60, must-revalidate x-cache-hit hit x-content-security-policy default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com https://*.logr-ingest.com https://*.posthog.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
GET H2	200	c9c27905c1e445d6.js Show response client-registry.mutinycdn.com/personalize/client/	52 KB 17 KB	187ms 53ms	Script application/javascript	151.101.129.91 FASTLY
General Check archive.org Show headers Download Go to Full URL https://client-registry.mutinycdn.com/personalize/client/c9c27905c1e445d6.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.91 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 0bf804a024fb9eb8728c555bbd693849fc21be558591968333c6f6c03c47dabb Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id GjusOlV56DeEsGo2kGbpHHHwRUOjsGtJ x-continent-code EU content-encoding gzip date Mon, 03 Jun 2024 11:32:21 GMT via 1.1 varnish x-edge-region EU-East x-amz-request-id ZSY0JPKNBESZ7C51 age 1486 x-amz-server-side-encryption AES256 x-cache HIT x-edge-datacenter FRA content-length 16870 x-amz-id-2 edTDW7ZxVzJs/jYKfN2W6adkJttImwP7QBRgymhFpGfbRyHu3/MlWVqWr5vmqzcjnaYyJFea/V0= x-served-by cache-fra-etou8220105-FRA x-connection-speed broadband last-modified Fri, 31 May 2024 23:50:07 GMT server AmazonS3 etag "0fd3b9ead331231f8ab2ca7fe7fa293b" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type application/javascript access-control-allow-origin * cache-control s-maxage=3600, max-age=0 vary X-Continent-Code, Accept-Encoding accept-ranges bytes x-country-code DE x-cache-hits 0
GET H2	200	slick.css cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/	2 KB 1 KB	148ms 54ms	Stylesheet text/css	2606:4700::6812:ba1f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1427579 x-jsd-version 1.8.1 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 590 x-served-by cache-fra-etou8220022-FRA, cache-lga21934-LGA x-jsd-version-type version server cloudflare etag W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YS%2BDpEW1z3H4Ptf1LJi%2FkIyUMNhHUIWRiRXSNxYmd%2BeVn8%2FlPyCsqf2XcNmEyh6pqLMleLBp2X%2BWyujXf50ikZsY%2Ba6ukbiSPk3Y1789p6YLP%2FF9Ks1xFyIEdB6f9U9yIA2xpZcWQfqiBNTQqXg%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin * cf-ray 88df5cb0cfb37701-LHR
GET H2	200	index.umd.min.js Show response cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/	5 KB 2 KB	154ms 60ms	Script application/javascript	2606:4700::6812:ba1f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 66110db15bc55fa902401f14c8f25083dd0f7cfde33de392631a20f77312d017 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 9805 x-jsd-version 3.23.0 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 2045 x-served-by cache-fra-etou8220149-FRA, cache-lga21960-LGA x-jsd-version-type version server cloudflare etag W/"1257-XGh/u0oT7hTbaQXf16hjV3fN0OU" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tdxNFIHoQgozRqcTlDNS43bHXG08d5Kx8a8kbJXTsK4ZmztOguNjYTjHC1l9nWtsiXWbZkfT%2BP0sxeOMG8SS%2FOvU8XUwZ7wYnKQsUrtpba0rbost0BaAInLCTa0QCQCXHbE%2BtkT8HX2QGETlfQo%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin * cf-ray 88df5cb0cfb77701-LHR
GET H3	200	richtext.js Show response cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/	8 KB 5 KB	62ms 60ms	Script application/javascript	104.18.187.31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.187.31 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 36196 x-jsd-version 1.10.2 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 3918 x-served-by cache-fra-eddf8230147-FRA, cache-lga21936-LGA x-jsd-version-type version server cloudflare etag W/"2147-I41v+oq443LPQB6aPqMil27q9QY" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oc6xicDr6GsmXrpgZ1mUGycAzfi6GPD5KzjX%2FKBM96hCdB3t2%2F9jw2tooYuJLsYdILbXaOeQkhjIose9q56QtFkX3li%2Bk2QdkXCdQ0xiQBDJA5jAFzs5pWCsD%2B1pqDBursw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin * cf-ray 88df5cb57842dd81-LHR
GET H3	200	65f75020c99f25928927347f_banner-blue-halo.webp cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	23 KB 23 KB	145ms 85ms	Image image/webp	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 889e4055351e629718cc9647a7f696cb4fb1e246bcf29bd25e2f8ce5105c27b5 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT x-amz-version-id VQxidV2D7M0v1MjkNARxPZzB4FkcrZg4 cf-cache-status HIT x-amz-request-id FVC0AG6Z8KQDK4ZY age 322853 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 23574 x-amz-id-2 kI2yL3uRQSWZW5KqNaMbP8PThCMXuQay7I29RXR+7AffhNpP1L2pCRjUTEYwvkndpM0eyek1RJ8= last-modified Sun, 17 Mar 2024 20:18:41 GMT server cloudflare etag "cd3521a7574865352fcc31cd4d968864" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88df5cb09f856537-LHR expires Tue, 03 Jun 2025 11:32:21 GMT
GET H3	200	66267cd1946bdc414612a045_banner-blue-halo-mobile.webp cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	11 KB 11 KB	115ms 54ms	Image image/webp	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/66267cd1946bdc414612a045_banner-blue-halo-mobile.webp Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 640d525f0c6d09a6cdc4c6f6b0d44c4d2d92ce5e35ae1a945ccac5da67071f9d Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT x-amz-version-id 5.DnT5LYsjXZnxPaoCXpF7pRsl7yIEO1 cf-cache-status HIT x-amz-request-id 674THVYTRCAQ75KT age 322853 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 11112 x-amz-id-2 p4x6HN1xxlACclsPyCooqJeyly1+SQpSDYgdp6+A2BfoGP6VZRY35v2eorepfYTMsM0y6nqiV3s= last-modified Mon, 22 Apr 2024 15:05:55 GMT server cloudflare etag "308d32f3c0dd65a14316ec46469ba463" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88df5cb09f896537-LHR expires Tue, 03 Jun 2025 11:32:21 GMT
GET H3	200	655d92689c415e9fefcf2400_Hero-grapic-right-02.png cdn.prod.website-files.com/655d92689c415e9fefcf2368/	5 KB 5 KB	61ms 61ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a1e79865576e220b93dfe34d011286a8335ee8ac4eb6450300fb45a4f15a600e Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT x-amz-version-id ds4He9jpqLhVudpNkauPNw12aaYIjxRr cf-cache-status HIT x-amz-request-id 1CCCHD93RQE26D1D age 321372 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 5002 x-amz-id-2 fI8Qmjv62FrXp7U4d3mRxxumLrsuNwMo2vnB7EGgoKueyn57Vo7zyoUBfK5Cd3b7kteIZKItLJA= last-modified Wed, 22 Nov 2023 05:32:26 GMT server cloudflare etag "d360d7cfb07b3fdc3fbc56204caa4c06" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88df5cb168e36537-LHR expires Tue, 03 Jun 2025 11:32:21 GMT
GET H3	200	6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	7 KB 7 KB	59ms 58ms	Image image/webp	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6f3642cd8faa981a6b7f71cb0bd88a222ed7c92510100761c38f4bfd689853f2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT x-amz-version-id .9LTfep43eO88TqIHc3WnYAIb3vaJe3A cf-cache-status HIT x-amz-request-id 4YCR1FB4DR8S60ZM age 66741 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 6778 x-amz-id-2 a4/BBfn4/xT9GiFonft7PzXACqXoTj/migMdNrdoldT2Rojnj84zhnNX1rcGD6lux0ECasMwp1k= last-modified Thu, 21 Dec 2023 07:39:51 GMT server cloudflare etag "2deea30793899f56a236f1ba505155ab" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb179276537-LHR expires Tue, 04 Jun 2024 11:02:21 GMT
GET H3	200	6579dd0b5f9a54376d296a5b_facebook.svg cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	368 B 676 B	56ms 56ms	Image image/svg+xml	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f2314da0b26cc727445f74c19d54f2f75944ea1a610497231ba6a5d9e541acf0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT x-amz-version-id RZplueeOMT9I2ezQMMUJ8cw13HoQeV5p content-encoding gzip cf-cache-status HIT x-amz-request-id 4YCYPC8MA0DPNYKD age 321372 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 sMyY1/K0a4fBORsGXvQgv7rCLzRtvk836VJQihoX6c0FHxRCMicx+o+LczMXE5iQzSnhlTgRrvI= last-modified Wed, 13 Dec 2023 16:34:21 GMT server cloudflare etag W/"b92a7c9703a268bda64464e9f8c245fd" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88df5cb1d9b16537-LHR expires Tue, 03 Jun 2025 11:32:21 GMT
GET H3	200	6579dd0b5f9a54376d296a6f_twitter.svg cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	351 B 690 B	59ms 57ms	Image image/svg+xml	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 553797b86e5516ebb3b4a6ffc794d7d9eca1fc1f3ca8ab0703e5eff9934e29c8 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id qTS56BoR0gVqfX6mJuOtV4Wu10z6D4RY content-encoding gzip cf-cache-status HIT x-amz-request-id 4YCW6KHZQFXNM3SV age 321373 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 UwkUGaL7c44O3NgBVKEce3ME5FEnvjsHhbYSQJfWS9i2npQlhgz08REAx4E45q+6ABVaDZQvut2KeooHcivWrudud62xsTZBwPdex/0w9Cs= last-modified Wed, 13 Dec 2023 16:34:21 GMT server cloudflare etag W/"e0a4b7f37d6875804665234ecff1cb23" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88df5cb57ed16537-LHR expires Tue, 03 Jun 2025 11:32:22 GMT
GET H3	200	6579dd0b5f9a54376d296a70_linkedin.svg cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	675 B 821 B	104ms 100ms	Image image/svg+xml	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8f0f089b8d2746c56340171bba62f027d4d2dc0f520588d9480432693381e14a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id mMxIOUbXDP4hW6NdJCWI58VrmvAg.At1 content-encoding gzip cf-cache-status HIT x-amz-request-id 4YCJZM58NRF6KQPY age 322812 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 ZV/sIVDF7BksYTCipnDYPvY3RsIzarQt8H5yW0Gq3s97MqFEsRgHMvDR01EYcIYGFKXjZIMCBeO5Aof8DxVz71HNvwdr9q3h2e0jV5YwXCM= last-modified Wed, 13 Dec 2023 16:34:21 GMT server cloudflare etag W/"67b0ebebe9b8817edbfa41bdfd2e8c6e" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88df5cb57ed46537-LHR expires Tue, 03 Jun 2025 11:32:22 GMT
GET H3	200	6579dd0b5f9a54376d296a5a_download.svg cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	820 B 800 B	63ms 59ms	Image image/svg+xml	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 350cf9ff67297ce9f79b1a35fb7205326d21f149ab404f81ec875968f0b7d083 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id 5Ss_XSS0A3iWbPuuBVg7J8jICwbGfHO4 content-encoding gzip cf-cache-status HIT x-amz-request-id 4YCS40244C6BAVSC age 321373 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 T4C+SZuNuuCT1zi93ok8pCTUb7j1LuZ0dYg28v0B4J8zZn8I5Q8lYjaq7GFb6Xp+VveF5GwwU04= last-modified Wed, 13 Dec 2023 16:34:21 GMT server cloudflare etag W/"8d8c0614e1e224001d7c6dec535490b1" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88df5cb57ed66537-LHR expires Tue, 03 Jun 2025 11:32:22 GMT
GET H3	200	6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	2 KB 2 KB	65ms 61ms	Image image/webp	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1402811141d6cf6956918acd3398468bd385081a50b90a5d251fe7a3312c0801 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id X1oARd.5yRkM1108eqnTnHXez5VJo2XZ cf-cache-status HIT x-amz-request-id B2HAM0G64B66AMJP age 60385 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 1996 x-amz-id-2 34T1ErqzyJnyvE+rjeZv9QP3Gib/5/cbXphGiiQHIm7GZe2CjrOdSxkYsUgMft5el3mXIPZnUSU= last-modified Thu, 21 Dec 2023 07:39:50 GMT server cloudflare etag "8a941746cf0b15b4b601f10dac732f1c" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57ed86537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f4c2406c2806a6b094317_ZHXWJNA38F0YJBailWl8wABFNjamuJWNzg6TXyo8qfqYdZoH5Jn7zS_Gdyh3I9GXDotYbPVSvJZG_oZp9zhm7H_T8Thu5RTDtlKdSu_XXQ16tYeZ22Yhz5D6BsdQNDZOtqg33wU5RCDll4OvNml3P7k.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	41 KB 42 KB	62ms 58ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f4c2406c2806a6b094317_ZHXWJNA38F0YJBailWl8wABFNjamuJWNzg6TXyo8qfqYdZoH5Jn7zS_Gdyh3I9GXDotYbPVSvJZG_oZp9zhm7H_T8Thu5RTDtlKdSu_XXQ16tYeZ22Yhz5D6BsdQNDZOtqg33wU5RCDll4OvNml3P7k.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7191cd280fe8a56ef0f48bb09d55a712e99523a8a74f2604d7337ec9dec70fee Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id p6bwq7nlHAThGs0bnJDGrmQdorKZZqCG cf-cache-status HIT x-amz-request-id YYSAB051AQ3XFV4Z age 61471 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 42449 x-amz-id-2 LPHWVFI0WeQwZwg2uRf+Bg6Byb6qmKOZ/mzVQoejC6H0rPH26POYjFkveBXg4UcD9iBmNS4ngoA= last-modified Thu, 23 May 2024 14:01:09 GMT server cloudflare etag "88ce76ef955ffb4f1ff820a45bf0022f" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57ed96537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f4c2e1a37463ff60cc82b_VHHSvXYy3OJMu8mK6QTsElWype9f0nYzAKe4RSj8pJM4bFSjuCPL_BcuB3GRTPJEcFlCRWCjIJJAxJYfeuHQFHRA0L5LSZHZlCwJsw9pIJXKqPXPPre6hBe4EjCgX5mITYxMFxxhgCrRgZJPjLBblBg.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	43 KB 44 KB	104ms 100ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f4c2e1a37463ff60cc82b_VHHSvXYy3OJMu8mK6QTsElWype9f0nYzAKe4RSj8pJM4bFSjuCPL_BcuB3GRTPJEcFlCRWCjIJJAxJYfeuHQFHRA0L5LSZHZlCwJsw9pIJXKqPXPPre6hBe4EjCgX5mITYxMFxxhgCrRgZJPjLBblBg.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3c9e9f54151e5c8a9a3b20baf7cba85a6a83b70d5b27962564fc6254ea5f0d0a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id ygMA6WcZi6xDZIMuwbPcmG.ci7JnaYE_ cf-cache-status HIT x-amz-request-id T2J1J8PH6TKKN67C age 61471 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 44267 x-amz-id-2 e8k8TpObnZ6VGgZZzO7e2tUwu2SqlIUBIILAzKLBxZTpg7iUZyT2EUGiRxz8weSmHQC0AR2dBLswGLgqXxFya3EQ+BpaoYrV last-modified Thu, 23 May 2024 14:01:19 GMT server cloudflare etag "7927083271cff27ddbee13b619e7ad2d" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57eda6537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f4c3b3bdd5fc641736333_uNltK736FVy4ymznwJg0qBcFixRY0ApbnQrpATbeT_XxmYYKjAb1Ioot8LNxfRtGcWhB0-2l8omk6KMLlvKgEJIyok-mqAsF-Ui7reUE2a0CUlO2Zi2hHADHPrI12A6wrxvT2CqGQGRVH058DoMZn8o.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	42 KB 43 KB	65ms 61ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f4c3b3bdd5fc641736333_uNltK736FVy4ymznwJg0qBcFixRY0ApbnQrpATbeT_XxmYYKjAb1Ioot8LNxfRtGcWhB0-2l8omk6KMLlvKgEJIyok-mqAsF-Ui7reUE2a0CUlO2Zi2hHADHPrI12A6wrxvT2CqGQGRVH058DoMZn8o.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c9adf7787e0b80b5d43557f979fafb442ad621eb81b884b926873f1955fa9a80 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id vI9_VS.YTh3cgAS8MC.DzyfHkdftHAT2 cf-cache-status HIT x-amz-request-id T2J0MGBXKYKXZK5Z age 61471 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 43491 x-amz-id-2 E+quuFCjQYKr8TDrpF25nybmIoOD833nvoRj5ZnDHqudF5sbKGYjDVUvTiIvaTKxrvz+51Tp6Pw= last-modified Thu, 23 May 2024 14:01:32 GMT server cloudflare etag "ab97db1f9b0e51641279e3d7f5edf42d" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57edb6537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f4c88780288c7ae6b7bd8_8AgGT-Z3l_0i63mG7m4PB9B1ACnFnwhDKi54duSBzHw7JR4vaz4el9st3ZRitUmqAJy12sefTDvsNUnE9LnsSKEcTVZLoF87a-o1APbY0e3ylvutlqLoxedE-oBXUEUY290it49sgqXjxRYXATyVRwQ.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	51 KB 52 KB	65ms 61ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f4c88780288c7ae6b7bd8_8AgGT-Z3l_0i63mG7m4PB9B1ACnFnwhDKi54duSBzHw7JR4vaz4el9st3ZRitUmqAJy12sefTDvsNUnE9LnsSKEcTVZLoF87a-o1APbY0e3ylvutlqLoxedE-oBXUEUY290it49sgqXjxRYXATyVRwQ.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 618e5bb2cb31c3e4f92fb7379d373328eb29f48db831fec88879a646e060cd40 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id S_TtsEbp1pssMuFvKGkA_oaQ04SSinqt cf-cache-status HIT x-amz-request-id T2JFNN31TXVDG79K age 2215 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 52669 x-amz-id-2 syBo/xX6viA3xnoQ8UrJkMfiVijRZUXpKeMioEXhaSizvgqcmOXrL2KtJqM8DE7m4eKe/tDpGvc= last-modified Thu, 23 May 2024 14:02:49 GMT server cloudflare etag "0f4c3ecb9681dfe5cf9a5d9db749f57c" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57edc6537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f69902d1e397696329238_YojatY6wmW_FurNwD5a3dPQXVwkWfP9O7-vpPDHP9oF3hye0Ln2WSvN69Wepr8gqoh1hpIDeK7pgFO5r628EQ4WzpaP3WY2vTocvJZA7wkQVaklgJ-Klrw2UT3wVpA-P9KOBOVLreRLg6JT5cR06RME.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	174 KB 174 KB	105ms 101ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f69902d1e397696329238_YojatY6wmW_FurNwD5a3dPQXVwkWfP9O7-vpPDHP9oF3hye0Ln2WSvN69Wepr8gqoh1hpIDeK7pgFO5r628EQ4WzpaP3WY2vTocvJZA7wkQVaklgJ-Klrw2UT3wVpA-P9KOBOVLreRLg6JT5cR06RME.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 42c0fcadf36a796448f4ae49b14ca0d6446be30d7d267b7d1378c7135c5f9928 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id 5F44TvZwqc0TyWbvHnaslfk59H5dCplZ cf-cache-status HIT x-amz-request-id T2J41K1NQ8SP28GY age 61471 x-amz-server-side-encryption AES256 x-amz-storage-class INTELLIGENT_TIERING alt-svc h3=":443"; ma=86400 content-length 178042 x-amz-id-2 wXoxUSyE1auupPSTaMA/T0iVdAUvZWf5ylDjJ9OQz7MRSOc3pnFedBetGhKBuUbyasiPO9c9p+kBHlmMxhowWq2HyseLAG9nvVjqLttxsgk= last-modified Thu, 23 May 2024 16:06:41 GMT server cloudflare etag "16a259ed7fe7d4ba32e5736e3f107b3f" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57edd6537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H2	200	aac0f5214866b378a1876e61d0088c1a.js Show response gist.github.com/HuskyHacks/	62 KB 10 KB	340ms 204ms	Script text/javascript	140.82.121.3 GITHUB
General Check archive.org Show headers Download Go to Full URL https://gist.github.com/HuskyHacks/aac0f5214866b378a1876e61d0088c1a.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US), Reverse DNS lb-140-82-121-3-fra.github.com Software GitHub.com / Resource Hash 497e86d6c983ff92a4b691bc8b9474fbd8996476edd5e413ddbd4495b9966934 Security Headers Name Value Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT strict-transport-security max-age=31536000; includeSubdomains; preload x-content-type-options nosniff content-security-policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-encoding gzip content-length 5694 x-xss-protection 0 referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin server GitHub.com x-github-request-id A37C:1091E1:44E7F2E:46338D2:665DA9C5 etag W/"497e86d6c983ff92a4b691bc8b9474fb" vary X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With x-frame-options deny content-type text/javascript; charset=utf-8 cache-control max-age=0, private, must-revalidate accept-ranges bytes
GET H3	200	664f51b21d59d0fcffe102d6_pPdQ6CcpWSj68cfsNZbc9UNx--49do8qrjcUFTegalKVTC7a6tW8tB1I-gSlzqZf7_CUHYnn4rWrK0dluBQcr5yg-3jZrJ6Cxn730OYdoKfT2w9gJdYP22ZYVwycQnRw26pMJwxu7bh06TUEALy93rM.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	610 KB 611 KB	105ms 102ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f51b21d59d0fcffe102d6_pPdQ6CcpWSj68cfsNZbc9UNx--49do8qrjcUFTegalKVTC7a6tW8tB1I-gSlzqZf7_CUHYnn4rWrK0dluBQcr5yg-3jZrJ6Cxn730OYdoKfT2w9gJdYP22ZYVwycQnRw26pMJwxu7bh06TUEALy93rM.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d831498dbe8501c7e9a2df2913b645a414e9ebd824a832aebd6b9f36a6ca845f Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id VDvRMNtyoS1abiQXnLrdOmLgXoigny4t cf-cache-status HIT x-amz-request-id T2J849ST2MMZPMTV age 61471 x-amz-server-side-encryption AES256 x-amz-storage-class INTELLIGENT_TIERING alt-svc h3=":443"; ma=86400 content-length 624784 x-amz-id-2 qvSCEb5qUP3p6SBDdNcrNZTzOWqHyPtfIk1XmoR8lwkhSVXA1kO/RM6r7fsCCoqKtF1Be9a4aL5/Zilg5gX2Jt24rtrABsr035GcBiY/v+E= last-modified Thu, 23 May 2024 14:24:51 GMT server cloudflare etag "3e52479ac3f438984954e84c4ab39476" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57edf6537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f51f18433649db732b77f_lIA8xjxRMACFUk8lkkpSyfZuAEr8mofjRGtSdI8FvXyfh-n1-I-OQAF7achYcTSql0NH7I9sf9QfbqiF7GiBPe7pVzSWuvAd15S7Z5MyIGNrtWG_GlI_hMQZVqulmBd1L1FGAC91YjvJEkT7sZmYSWM.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	801 KB 802 KB	159ms 155ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f51f18433649db732b77f_lIA8xjxRMACFUk8lkkpSyfZuAEr8mofjRGtSdI8FvXyfh-n1-I-OQAF7achYcTSql0NH7I9sf9QfbqiF7GiBPe7pVzSWuvAd15S7Z5MyIGNrtWG_GlI_hMQZVqulmBd1L1FGAC91YjvJEkT7sZmYSWM.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e98a2ec520cebd00ef44de7f2fe3e60b5862588845e8829f2a9292fb3adb138f Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id MpgYqTOCuhBKHQ56dXgZneCNUedkrm7g cf-cache-status HIT x-amz-request-id T2JE55032HB6P9QH age 61471 x-amz-server-side-encryption AES256 x-amz-storage-class INTELLIGENT_TIERING alt-svc h3=":443"; ma=86400 content-length 820539 x-amz-id-2 uEX3AIa7PLRXYQWfDgArauFHt0M4kmcjLUvdbFqiGE9OJXQIj3O5z8vEkUfhgUayB/hboy9KZnrbNt3qVc5t7g== last-modified Thu, 23 May 2024 14:25:54 GMT server cloudflare etag "feaa18c0bcf68513a2f144d4c8e031d0" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57ee26537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f523eb01c766173c93ac5_U3FWMHNbr0qkxoeE_F16BXV3FACph3P5cjDqOswqU4Rf_g3M2DMq3_c16JeLaMKtorv7VtRWYVLxFFWnroFWjowTnL2H84CyMd68iHiwdDew2h7KmDAcQ48FKr9Oe_BF-lhAjLYcwkf_HlV9m9vuZVQ.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	22 KB 23 KB	287ms 283ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f523eb01c766173c93ac5_U3FWMHNbr0qkxoeE_F16BXV3FACph3P5cjDqOswqU4Rf_g3M2DMq3_c16JeLaMKtorv7VtRWYVLxFFWnroFWjowTnL2H84CyMd68iHiwdDew2h7KmDAcQ48FKr9Oe_BF-lhAjLYcwkf_HlV9m9vuZVQ.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c71ccb9089d7333aa7ed8856d6da795f7b30851b55e04d5ed021f52b22a45300 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id px.82JPx0sTknBeC3Bq_PhifSLdze4Q5 cf-cache-status HIT x-amz-request-id T2J03KMDTH0Q43T1 age 61471 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 22894 x-amz-id-2 EjgiBNRimwgk9y2jCxBG9qD5HrNja3ZIaKbWubmfT72f1IXobRqJd0U+MqpHZI1xR9REzmN7dIQ= last-modified Thu, 23 May 2024 14:27:12 GMT server cloudflare etag "8d36e635daecbc011390b8d6d2048857" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57ee46537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H3	200	664f5260dddd37b236bb82bb_8wgrE-Wc1ye5MPpwY9br14n-kzejJfSg_pvfFpYBm7eBDiTqemrFKxfm2vL1WtcRvd1P2kJzEJ2GSpraGNL4AJ0IsK6MqrKdp5I81hOG1qLrUAtAfeRungT6ba3_a19WLlgwKsuVin8TV916wt_j5y0.png cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	34 KB 34 KB	65ms 61ms	Image image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/664f5260dddd37b236bb82bb_8wgrE-Wc1ye5MPpwY9br14n-kzejJfSg_pvfFpYBm7eBDiTqemrFKxfm2vL1WtcRvd1P2kJzEJ2GSpraGNL4AJ0IsK6MqrKdp5I81hOG1qLrUAtAfeRungT6ba3_a19WLlgwKsuVin8TV916wt_j5y0.png Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash df28ab19a1f36e56e1f123b461e844cfe351b62300b7dbe6e752707005fde687 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id n5Oe._Fc93TQB4r1FYoI6yW.BLYphue0 cf-cache-status HIT x-amz-request-id T2J6D73KS5HKYVXC age 2215 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 34609 x-amz-id-2 4+7VCdiWu71BD6uXD9Cdo0sHoSuc1FBSMSetiNwzJg158xwZTE+jQZBz/PYXBtcPFarTgNWdTLw= last-modified Thu, 23 May 2024 14:27:45 GMT server cloudflare etag "eead59c0de69433d2262dd13e22253f3" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57ee76537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H2	200	jquery-3.5.1.min.dc5e7f18c8.js Show response d3e54v103j8qbb.cloudfront.net/js/	87 KB 30 KB	188ms 61ms	Script application/javascript	52.222.232.99 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.222.232.99 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-232-99.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 04:40:05 GMT content-encoding br via 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront) age 24737 x-amz-cf-pop FRA56-P4 x-cache Hit from cloudfront last-modified Mon, 20 Jul 2020 17:53:02 GMT server AmazonS3 etag W/"dc5e7f18c8d36ac1d3d4753a87c98d0a" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=84600, must-revalidate vary Accept-Encoding x-amz-cf-id zbCA6Kv7T3AHoaHhK2Klh4k9rluB1n1G4ZDOAxDaxilvx-t8DRXTYA==
GET H3	200	huntress-new.84a72459f.js Show response cdn.prod.website-files.com/6579dd0b5f9a54376d296915/js/	1 MB 212 KB	67ms 66ms	Script text/javascript	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/js/huntress-new.84a72459f.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 73928859780e5101558e6c4794c83f9c02c96339747c4315928d33c8905ad565 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT content-encoding gzip x-amz-version-id didhHBufOMXSCi.L26bwb7McVtVCc0bt cf-cache-status HIT x-amz-request-id SFBQQENV212YE273 age 68977 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 216683 x-amz-id-2 chPNG78e88mM0UtcuAdnApIlkgujQ3XxES+YFFTNB4btOt7uuzhH3uwvHvRdYYUHUfOzLhlESNI= last-modified Thu, 30 May 2024 16:18:53 GMT server cloudflare etag "c8caa1882d109bed5e473e1db9cf5825" vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb36bce6537-LHR expires Tue, 04 Jun 2024 11:02:21 GMT
GET H2	200	3911692.js Show response js.hs-scripts.com/	3 KB 1 KB	266ms 162ms	Script application/javascript	2606:4700::6810:8ad1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/3911692.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ff29514a2c45b9aa0a6d9b981cad631757b7581b2608e5cf883594a3caec5901 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status EXPIRED x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id aea0d6a1-715b-4b58-b86e-7bec0a5efcd9 x-envoy-upstream-service-time 15 content-length 700 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id aea0d6a1-715b-4b58-b86e-7bec0a5efcd9 last-modified Mon, 03 Jun 2024 11:30:40 GMT server cloudflare vary origin, Accept-Encoding access-control-max-age 3600 content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.huntress.com x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/hubapi-td/envoy-proxy-5d47c8d44f-8vzqp access-control-allow-credentials true cache-control public, max-age=90 accept-ranges bytes cf-ray 88df5cb61a74777a-LHR expires Mon, 03 Jun 2024 11:33:52 GMT
GET H3	200	slick.min.js Show response cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/	42 KB 11 KB	59ms 56ms	Script application/javascript	104.18.187.31 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.187.31 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding gzip nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 6625599 x-jsd-version 1.8.1 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 10412 x-served-by cache-fra-eddf8230096-FRA, cache-lga21927-LGA x-jsd-version-type version server cloudflare etag W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zI8OH5oHpVkpCt9%2FpRORXM78Sw4GipvnK6d9gz7DSXgQng%2B6s6zihsKOiYCI8zysUbi9J9%2F9gnSdHE01TMWPcjP05M5jg2fDAVJnpLlxz2I6xGbtsF3XhwsDt2LBVL3rkBk%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin * cf-ray 88df5cb5784ddd81-LHR
GET H2	200	bundle.v1.0.0.js Show response tools.refokus.com/rich-text-enhancer/	2 KB 1 KB	369ms 46ms	Script application/javascript	76.76.21.93 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tools.refokus.com/rich-text-enhancer/bundle.v1.0.0.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash a577cc713533d7a1edbc5186c3f7b8788bbf317a857111150778d6a617220cec Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id lhr1::lftbq-1717414342088-2754252e5ab7 age 4219162 etag W/"bfd9ff53d0c1baa43dbb0f44751f23e9" x-vercel-cache HIT content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=0, must-revalidate content-disposition inline; filename="bundle.v1.0.0.js"
GET H2	200	medium-zoom.min.js Show response cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/	9 KB 3 KB	62ms 62ms	Script application/javascript	2606:4700::6812:ba1f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/medium-zoom.min.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:21 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 2178490 x-jsd-version 1.0.3 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 3091 x-served-by cache-fra-etou8220020-FRA, cache-lga21959-LGA x-jsd-version-type version server cloudflare etag W/"2408-5ck9kUxd8AglB+1wj1aqAh/vLDs" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sP9UxgjHmopDSKYgJ7yDCEPQL1LolQnvw9V0I%2F6frZ4P9ROZJsM21bPj%2F57AkkeSy0EvGUs2Mke8oh4GmOou9xy2YP1zsWiZFPL7o90KhPudf157S3NCgr%2BoOOmRdnOF4SCy5HSHSLII82rveZ4%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin * cf-ray 88df5cb49d2b7701-LHR
GET H2	200	form-124.js Show response hubspotonwebflow.com/assets/js/	10 KB 3 KB	165ms 62ms	Script application/javascript	76.76.21.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://hubspotonwebflow.com/assets/js/form-124.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash 10ef3ba5308697292067120aee8cea7f3341a9a5e691475bc4a29805a5194939 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id lhr1::789r9-1717414342021-634ff27f8b28 age 1437261 x-matched-path /assets/js/form-124.js etag W/"392ca1f460caa2aa9439969a89f31c13" x-vercel-cache HIT content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=0, must-revalidate content-disposition inline; filename="form-124.js"
GET H3	200	6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js Show response cdn.prod.website-files.com/	144 B 557 B	62ms 61ms	Script application/javascript	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6ee38878cd3f57c918114ecd1a74bc75e5165f45fd1e9503056e8dc2e542288f Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding gzip x-amz-version-id fKVYVp7VLozdKwo7Gp68VwPn_1qCAcOV cf-cache-status HIT x-amz-request-id SYEPP1MBFVBP058T age 68978 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 131 x-amz-id-2 It1eBzpZVnFTLQ7hYsT/FOvvhmuILy6yJgP12wGRKjX00CTwd4kQtBd4BAb5qP9uRg4/NzC0EliEsezE5I7hkm/94Jtwo3YhPk6dRyrr67Q= last-modified Tue, 26 Dec 2023 09:16:55 GMT server cloudflare etag "94d95acc94c6624c39cb9873e3da3787" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb57ecb6537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/DH3nyJMamEclyfe-nztbfV8S/	524 KB 208 KB	176ms 55ms	Script text/javascript	2a00:1450:4001:827::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/DH3nyJMamEclyfe-nztbfV8S/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 44ec88fca0b915a741f9efcf5ef13d40133cb7e6501aa18d56490532c83adc95 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 08:44:42 GMT content-encoding gzip x-content-type-options nosniff age 10060 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 212201 x-xss-protection 0 last-modified Mon, 27 May 2024 02:00:43 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 03 Jun 2025 08:44:42 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	360 KB 109 KB	212ms 93ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash f8e8ab848f0c8e1b54e0531a850c65b34603cb76c054f80ced9c8be27ad00edf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 111044 x-xss-protection 0 last-modified Mon, 03 Jun 2024 09:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 03 Jun 2024 11:32:22 GMT
GET H2	200	6si.min.js Show response j.6sc.co/	66 KB 18 KB	67ms 64ms	Script application/javascript	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: j.6sc.co URL: https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:22 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 09 May 2024 06:01:25 GMT server nginx/1.14.0 (Ubuntu) etag "663c66b5-106b3" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 18038 expires Mon, 03 Jun 2024 11:32:22 GMT
GET H2	200	5d3cypit2iz8.js Show response js.driftt.com/include/1717414500000/	212 KB 60 KB	202ms 64ms	Script application/javascript	18.245.86.73 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.86.73 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-86-73.fra60.r.cloudfront.net Software istio-envoy / Resource Hash 93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi strict-transport-security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains via 1.1 d0e0fdfe87d75193de6278b5eca393f8.cloudfront.net (CloudFront), 1.1 bc3ecf5f025b0be9b8c39c5dd2dace2e.cloudfront.net (CloudFront) date Mon, 03 Jun 2024 11:32:16 GMT content-encoding gzip x-amz-cf-pop IAD61-P3, FRA60-P6 age 6 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-envoy-upstream-service-time 39 last-modified Mon, 21 Aug 2023 14:57:31 GMT server istio-envoy etag W/"576cdc1c0941a520c47b54aef3b463f7" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=10 access-control-allow-credentials true,true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 7PCzPVZG1UQRYS0s1c2qkUnwOc1x5Vk2ZUGgL5GmcHVYB3SlUDfwMQ==
GET H3	200	6579dd0b5f9a54376d296a7c_search.svg cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	654 B 712 B	283ms 282ms	Image image/svg+xml	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a7c_search.svg Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 442375f1dd6362e4a3e889f3f11e7d14aa686899a36f112ae73986a80475681b Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id ZAs7majvHYt8oLX63btjRfdozrskAdOe content-encoding gzip cf-cache-status HIT x-amz-request-id FVC6ENAZS09JPTQT age 322653 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 iMwtTJTlsQic062ldR2tWWe/QpI/twW/kC08NAuSkE36Uv1Ip3dKhA5wwkH3rJWcJmGyDJqQCFeIpDIE2IHBQQ== last-modified Wed, 13 Dec 2023 16:34:21 GMT server cloudflare etag W/"166c01555262c9617db663ec8a38364b" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88df5cb57ee86537-LHR expires Tue, 03 Jun 2025 11:32:22 GMT
GET H2	200	6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2 assets.website-files.com/6579dd0b5f9a54376d296915/	17 KB 18 KB	253ms 70ms	Font application/octet-stream	2600:9000:235a:3200:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2 Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 71425f588c17edb9905c3ed73aee0404b58772b91c8154fe53d3157f58f0b2e2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdn.prod.website-files.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 28 Dec 2023 20:23:09 GMT x-amz-version-id At.YFBHJO4EQclecPPM23aBnfk3j2h1H via 1.1 4d37a80c51c1368344134f5bdf1ea92e.cloudfront.net (CloudFront) age 13619354 x-amz-cf-pop FRA60-P9 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 17728 last-modified Wed, 13 Dec 2023 16:34:20 GMT server AmazonS3 etag "fd0185054945b2abe907dc7e524389c9" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type application/octet-stream access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id yYo2_4oPx0GH2jvcls6Q0Hed1lk1l290kSYKdGdipXIkC_Cxz6L_yw==
GET H2	200	6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2 assets.website-files.com/6579dd0b5f9a54376d296915/	18 KB 18 KB	294ms 111ms	Font application/octet-stream	2600:9000:235a:3200:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2 Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a4aba4543a40b2e2d78e4006eb941a3a18cf95dc81041ad362321a3995bcc898 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdn.prod.website-files.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 28 Dec 2023 20:23:17 GMT x-amz-version-id 4JksoGDTlz479HpJYtobtrz0YXSwp3Rx via 1.1 4d37a80c51c1368344134f5bdf1ea92e.cloudfront.net (CloudFront) age 13619346 x-amz-cf-pop FRA60-P9 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 18204 last-modified Wed, 13 Dec 2023 16:34:20 GMT server AmazonS3 etag "5aec097021a58170197314c745d296db" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type application/octet-stream access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id Wa_8DI3ISkLZZQqTiqc-JKWzkeYVEQ4NIY09O1NJhAAvys0bvM82Kw==
GET H2	200	6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2 assets.website-files.com/6579dd0b5f9a54376d296915/	21 KB 21 KB	314ms 132ms	Font application/octet-stream	2600:9000:235a:3200:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2 Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 36b097a74149a547cc7fe1da7b5a9cacf6c36d2f91872f11874479e1d4fafee2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdn.prod.website-files.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 28 Dec 2023 20:23:09 GMT x-amz-version-id 6cft5KdwVHtlIu77Lo8AxPLF1V_1aCGv via 1.1 4d37a80c51c1368344134f5bdf1ea92e.cloudfront.net (CloudFront) age 13619354 x-amz-cf-pop FRA60-P9 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 21280 last-modified Wed, 13 Dec 2023 16:34:20 GMT server AmazonS3 etag "4be3159e8cb3fb66b8e847dd0bedb2ed" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type application/octet-stream access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id 4zSXMonOuawRmS5f4e8aitrkkNH6O8uzVkqFLCID-H4jBpxRicru2Q==
GET H2	200	6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2 assets.website-files.com/6579dd0b5f9a54376d296915/	18 KB 18 KB	338ms 155ms	Font application/octet-stream	2600:9000:235a:3200:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2 Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ace449f8c185f9f62716fd9998c8f4d09f6849ead77ec8c3849aa69f4c8c1d36 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdn.prod.website-files.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 14:18:18 GMT x-amz-version-id SgNlIeK2CMt3IfgkJzcYPm6BQJFO8VdG via 1.1 4d37a80c51c1368344134f5bdf1ea92e.cloudfront.net (CloudFront) age 335645 x-amz-cf-pop FRA60-P9 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 18124 last-modified Wed, 13 Dec 2023 16:34:20 GMT server AmazonS3 etag "b62b51b8a8a1c83c200a484a4149c151" content-type application/octet-stream access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id akkGbKVDkLGs_nBT3ffv_rYpKGJIo5OfvOLvx_Y2GDo6i1v9TcE4uw==
GET H3	200	655ddcc107aef728354e9cbf_Huntress-logo.svg cdn.prod.website-files.com/655ddcc107aef728354e9c2a/	16 KB 13 KB	276ms 275ms	Image image/svg+xml	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/655ddcc107aef728354e9c2a/655ddcc107aef728354e9cbf_Huntress-logo.svg Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3e74699ee2810c89e5df5bd0d0506256c46f1e73108f40dc993b49cc210203db Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id ll9DT5jxvCo6dqqJTOhzWIKk94gBwQHc content-encoding gzip cf-cache-status HIT x-amz-request-id FVC9ZRCHG5AA2V2J age 322832 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 77qMVv7ufETdG50NGIu6BByCVbU86Yqk2d1mXcr/mrGnWmPWKixKwdXe8oP4KiDVh/s0IY+STdE+A9dgsR1cdXcisL1GVgdGzALwNYVvDEY= last-modified Wed, 22 Nov 2023 10:49:38 GMT server cloudflare etag W/"1b58a7f9d25209475f7150623a7b9993" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88df5cb58efd6537-LHR expires Tue, 03 Jun 2025 11:32:22 GMT
GET H3	200	656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg cdn.prod.website-files.com/655d92689c415e9fefcf2368/	407 B 674 B	276ms 275ms	Image image/svg+xml	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ad1a0bf17b8433241806ec0b3cb9c17be616ea295df90068ab3e646de802e111 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id 6MUyKzg7.UI2lqy3cc43_aNDTQO42ExF content-encoding gzip cf-cache-status HIT x-amz-request-id FVC7HZ8HVBFX4HXK age 322702 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 iNGut8bC/ryAFxlgEGt3yoo5ijja+4Jl6ix5fm6TBtea9dOyTIKNnMhz2rL0wq1mDAjErOlaVGU= last-modified Fri, 24 Nov 2023 10:23:48 GMT server cloudflare etag W/"7b97da408ecd186da2775e85d3b5fc35" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 88df5cb58efe6537-LHR expires Tue, 03 Jun 2025 11:32:22 GMT
GET H3	200	6616d86381a9eda9e9eb87c2_matt_kiely_237.webp cdn.prod.website-files.com/6579dd0b5f9a54376d296939/	55 KB 56 KB	276ms 276ms	Image image/webp	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/6616d86381a9eda9e9eb87c2_matt_kiely_237.webp Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 52820b6c3068918e51abf98b3c8c33b29d057402b5b303a5aec68ed69384953f Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id AnqhXJ7lxOmf6nMBzU1Xi92xiMlFbEbK cf-cache-status HIT x-amz-request-id TQCS237JJH0FF2TC age 316365 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 56594 x-amz-id-2 O1dR3iq1yQMIbpjuDuXn+uCMel8GXwtSV9u4c518Bhe6ZtELKw33xU74mKSnLDexISem75MBy+g= last-modified Wed, 10 Apr 2024 18:20:20 GMT server cloudflare etag "a089e64422cdd35cccdb45c06cfded92" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88df5cb58f006537-LHR expires Tue, 03 Jun 2025 11:32:22 GMT
GET H2	200	gist-embed-8c1a5bab9782.css github.githubassets.com/assets/	81 KB 15 KB	184ms 53ms	Stylesheet text/css	185.199.109.154 FASTLY
General Check archive.org Show headers Download Go to Full URL https://github.githubassets.com/assets/gist-embed-8c1a5bab9782.css Requested by Host: gist.github.com URL: https://gist.github.com/HuskyHacks/aac0f5214866b378a1876e61d0088c1a.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.199.109.154 , United States, ASN54113 (FASTLY, US), Reverse DNS cdn-185-199-109-154.github.com Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash a6b57b7095432ace20e726d643c6f1be609a52d618993afa7328b9a64304c412 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-fastly-request-id 2fff5037460387d4ea86fbf6c41f5a1e0dd39124 date Mon, 03 Jun 2024 11:32:22 GMT content-encoding br via 1.1 varnish, 1.1 varnish strict-transport-security max-age=31536000 age 1451895 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 15011 x-served-by cache-iad-kcgs7200081-IAD, cache-fra-etou8220080-FRA last-modified Thu, 16 May 2024 22:17:17 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8DC75F5F25D5736 vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=31536000, immutable accept-ranges bytes x-cache-hits 15, 48
GET H2	200	6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf assets.website-files.com/6579dd0b5f9a54376d296915/	55 KB 29 KB	231ms 64ms	Font application/x-font-ttf	2600:9000:235a:3200:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0020be3f1555293342637940e02d32e0f0c3b1951f6a274c00a6e3afe91610d1 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdn.prod.website-files.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 18:10:34 GMT x-amz-version-id quM.7z1k_e9xiPUszqLumStS9j4JLmMp content-encoding br via 1.1 4d37a80c51c1368344134f5bdf1ea92e.cloudfront.net (CloudFront) age 321709 x-amz-cf-pop FRA60-P9 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront last-modified Wed, 13 Dec 2023 16:34:21 GMT server AmazonS3 etag W/"541d84af93ed55a92a75644198c26ca5" vary Accept-Encoding content-type application/x-font-ttf access-control-allow-origin * cache-control max-age=31536000, must-revalidate x-amz-cf-id 1g9-SFcaAT-FR-0MQCZxjLRTrBzwVsB9zU9t9sfQYTq0o3LQgAwQ7g==
GET H3	200	6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	2 KB 3 KB	259ms 259ms	Image image/webp	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c99531b584c2990420c6cf8f267e27bca20375cf89d4afdcaa5b3afb7a9f35d2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id 0.i3tZnqpf4mpcjZIZI6k.PdzUSOLecT cf-cache-status HIT x-amz-request-id BEDZACE7WHACFJ9Q age 61471 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 2196 x-amz-id-2 qvMIhiWq/WQAtXFhkHVXbQx/Mz5uvFn+30JgPpivsiuKT8hEi6s5LaslaLKRDq20ZhUCk+vHznc= last-modified Thu, 21 Dec 2023 07:39:51 GMT server cloudflare etag "3574559fb267295e5e44a4509e2e6e4f" vary Accept-Encoding content-type image/webp access-control-allow-origin * cache-control public, max-age=84600 accept-ranges bytes cf-ray 88df5cb5af206537-LHR expires Tue, 04 Jun 2024 11:02:22 GMT
GET H2	200	6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2 assets.website-files.com/6579dd0b5f9a54376d296915/	19 KB 19 KB	57ms 57ms	Font application/octet-stream	2600:9000:235a:3200:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2 Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.8263712c8.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3200:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 7f62ee80b8c824f30ad6c278146632d25b7e159e0a9cd91a356068eb9340061c Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://cdn.prod.website-files.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 30 May 2024 17:52:16 GMT x-amz-version-id 1upZc36cdk27x7Arg8l9thaL3L34ome5 via 1.1 4d37a80c51c1368344134f5bdf1ea92e.cloudfront.net (CloudFront) age 322807 x-amz-cf-pop FRA60-P9 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 19348 last-modified Wed, 13 Dec 2023 16:34:20 GMT server AmazonS3 etag "a0118c6d18835732ae0eb880babc7598" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type application/octet-stream access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id 6L6LFKy5xgEgmC85zGdjonFZjQiLMK54uX0ni2wgT-bplhx8xtAZdQ==
GET H2	200	19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js Show response huntresscdn.com/	111 KB 112 KB	181ms 64ms	Script text/plain	2606:4700:20::681a:1ad CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:1ad , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT cf-cache-status HIT last-modified Mon, 03 Jun 2024 10:46:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2734 vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6GOX7HNggCumXccda%2FpcifHNbloGVCkTIv8H1TDqEja7zILDvkPfbIvOBGKXzAoYEir1PZHWIUdy6hK9XxmtToUMK6cCVPzSZNO3JRZEGs9oI9bQ%2F0oz9ZKXNxdXcc6AgMKrV9dFctbRWI2eSw%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cache-control max-age=14400, maxage=14400 accept-ranges bytes cf-ray 88df5cb8eed6946d-LHR content-length 113865
GET H2	200	collectedforms.js Show response js.hscollectedforms.net/	69 KB 24 KB	162ms 56ms	Script application/javascript	2606:4700::6810:6efe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hscollectedforms.net/collectedforms.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/3911692.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 390 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=88df5332c9cf53a2-LHR x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"7d377a186677c174f204d466b8fa5fdb" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=600, max-age=300 x-hs-target-asset collected-forms-embed-js/static-1.503/bundles/project.js date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W x-content-type-options nosniff cf-cache-status HIT via 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront) x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 5c73b0b0-287e-4925-bd33-9e46220e6ca3 x-cache Hit from cloudfront cache-tag staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod x-envoy-upstream-service-time 2 x-evy-trace-route-configuration listener_https/all x-request-id 5c73b0b0-287e-4925-bd33-9e46220e6ca3 last-modified Wed, 15 May 2024 14:34:44 UTC server cloudflare x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-mgch5 cf-ray 88df5cb9aa05636a-LHR x-amz-cf-id 9wz_GPsuqfXOlvBXod0AZDkZWvw5vQ-RZJtbuPlV8jICmvo24iu3fg==
GET H2	200	3911692.js Show response js.hs-banner.com/	61 KB 19 KB	177ms 66ms	Script text/javascript	2606:4700:4400::ac40:991b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/3911692.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/3911692.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0a7e62074b4311ed600655962e3217c9f2c33bd454457523a1d0fe36dfbb2207 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id RDrUrFX49NqTvtKL.PRguE6RUBzrS.gk content-encoding gzip cf-cache-status HIT x-amz-request-id FCBFT0E0K6TQSNGS x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id 232e743b-ae9d-4107-941a-6358a8ef3151 age 101 x-envoy-upstream-service-time 16 x-amz-id-2 IkzpwflxARJ8MI3SOpy0hBnwOSGQ/rtVFCa6tFyZ4bdirOqNQhH4+j9ahcCTPMwbzxmFlnGFcXvk9ECYjbY32Q== x-evy-trace-listener listener_https x-request-id 232e743b-ae9d-4107-941a-6358a8ef3151 x-evy-trace-route-configuration listener_https/all last-modified Wed, 10 Apr 2024 21:07:09 GMT server cloudflare etag W/"381b0631a0eece43d9975eebeac4018a" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.huntress.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300,public access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-jg42k vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 88df5cb9bd6f956c-LHR expires Mon, 03 Jun 2024 11:35:41 GMT
GET H2	200	3911692.js Show response js.hs-analytics.net/analytics/1717414200000/	69 KB 25 KB	170ms 61ms	Script text/javascript	2606:4700::6810:a0a8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1717414200000/3911692.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/3911692.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fb60a91372499fbe6347fe3e7e4025436de778648109690751ee1fcf1a0d9b10 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id null content-encoding gzip cf-cache-status HIT x-amz-request-id MDHY7RPWSNKXKMKE x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 x-hubspot-correlation-id b5a4c739-1cf3-43c2-aeb2-d73913e9add9 age 102 x-envoy-upstream-service-time 37 x-amz-id-2 O7Ov9V/yraRi+GCjT/gGcQM290GQik5nUhOtj7eSp87RNTGWaWpzIXKms6SeVmBgQvMDfJUrp+A= x-evy-trace-listener listener_https x-request-id b5a4c739-1cf3-43c2-aeb2-d73913e9add9 x-evy-trace-route-configuration listener_https/all last-modified Thu, 30 May 2024 20:52:12 GMT server cloudflare etag W/"fab0749dacb154cc880867d4229e89e3" vary origin, Accept-Encoding content-type text/javascript x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v cache-control max-age=300,public access-control-allow-credentials false cf-ray 88df5cb9be09547b-LHR expires Mon, 03 Jun 2024 11:35:40 GMT
GET H2	200	leadflows.js Show response js.hsleadflows.net/	551 KB 92 KB	174ms 52ms	Script application/javascript	2606:4700::6812:8a11 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsleadflows.net/leadflows.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/3911692.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:8a11 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 3628 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js&cfRay=88df04261aaf9481-LHR x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"be45bdb720f44c8db4ee42bc228ff2a8" vary Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control s-maxage=86400, max-age=0 x-hs-target-asset lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id HLkmxotJV8gQ_mnvhNwLT9fnVmh1uWjb x-content-type-options nosniff cf-cache-status HIT via 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront) x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id cd56404c-5d34-4b5c-93a1-d33bdbc631f4 x-cache Hit from cloudfront cache-tag staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 6 x-evy-trace-route-configuration listener_https/all x-request-id cd56404c-5d34-4b5c-93a1-d33bdbc631f4 last-modified Thu, 30 May 2024 10:22:15 UTC server cloudflare access-control-max-age 3000 x-hs-cache-status MISS x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-vdptk cf-ray 88df5cb9be0463a8-LHR x-amz-cf-id PGdq1ETnfPnIGgMd-C-Q4EoY_kXqUqqEfUreQm0TbLzsRBDhBcAnrw==
GET H2	200	fb.js Show response js.hsadspixel.net/	6 KB 4 KB	175ms 60ms	Script application/javascript	2606:4700::6811:df98 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hsadspixel.net/fb.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/3911692.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 47d1036cdfb7fa765e45f0f3d193baadcd53005e95a2f9bf7b531ebfbf41ea2f Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id tGbAtiolnAFnleIlWBGAzvQOiFsm5cIW content-encoding gzip x-content-type-options nosniff via 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-cf-pop IAD12-P3 age 474 x-amz-server-side-encryption AES256 x-evy-trace-route-service-name envoyset-translator content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.563/bundles/pixels-release.js&cfRay=88df51239d9f63b5-LHR x-cache Hit from cloudfront x-hubspot-correlation-id 798dc7e2-8cf9-408e-b8e9-b3f0cdb7a4d8 cache-tag staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod x-envoy-upstream-service-time 1 x-amz-replication-status COMPLETED x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 798dc7e2-8cf9-408e-b8e9-b3f0cdb7a4d8 last-modified Thu, 30 May 2024 14:14:49 UTC server cloudflare etag W/"7f1cb0f6264fd05edb4cc0ec6a9bc096" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT x-evy-trace-virtual-host all cache-control max-age=600 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-lw8xd cf-ray 88df5cb9baa09445-LHR x-amz-cf-id lMXjKPUDLqKb5B-b6VX38oUF1rgvZzWxawRCzOG_0zszoYhxcTFM6w== x-hs-target-asset adsscriptloaderstatic/static-1.563/bundles/pixels-release.js
GET H2	200	web-interactives-embed.js Show response js.hubspot.com/	83 KB 24 KB	176ms 69ms	Script application/javascript	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hubspot.com/web-interactives-embed.js Requested by Host: js.hs-scripts.com URL: https://js.hs-scripts.com/3911692.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b16ca83fe115bd1627bb1550a7d0b13bde273193d5ac3f90e1068b5d3d5cac35 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Origin https://www.huntress.com Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-encoding gzip age 102 x-evy-trace-route-service-name envoyset-translator x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1155/bundles/project.js&cfRay=88df5a3d2e64652d-LHR x-amz-replication-status COMPLETED x-evy-trace-listener listener_https etag W/"e5b3e7143fde861e87f8a5b38012a0ca" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * x-evy-trace-virtual-host all cache-control max-age=600 x-hs-target-asset web-interactives-embed/static-2.1155/bundles/project.js date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id h7bABr81Onr6R9O8fUlyAnRCCBf_PA8S x-content-type-options nosniff cf-cache-status HIT via 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront) nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-amz-cf-pop IAD12-P3 x-hubspot-correlation-id 2d912d90-3e25-4f86-ba36-093219393730 x-cache Hit from cloudfront cache-tag staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod x-envoy-upstream-service-time 3 x-evy-trace-route-configuration listener_https/all x-request-id 2d912d90-3e25-4f86-ba36-093219393730 last-modified Fri, 31 May 2024 15:16:48 UTC server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7hDgPsGtp5kM1mRuqoP2Ve5bjYaf6xSijctFwJbRhtfeOZRT5qccZ%2FVCjm5iqO0oocL5TRRl9TWEntsGKo1idVlJIesbbaxQ7E6WsrX8lNlx7rnjQJSVYn7cZyaSDyexj3YzZKbvx2aJnpl"}],"group":"cf-nel","max_age":604800} x-hs-cache-status HIT x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-ddwd7 cf-ray 88df5cb9ba8f9472-LHR x-amz-cf-id GIr4QcjIrrCoAcIaJJQOgnONJ8FHdeqaiSz-JsOkrgAf_u6RXsQzKQ==
GET H2	200	js Show response www.googletagmanager.com/gtag/	339 KB 108 KB	87ms 86ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e902bb8c19359f41816a47a2cfabbd46022424f6e207280d32ce8bd9ebcbe66f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 110320 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Mon, 03 Jun 2024 11:32:22 GMT
GET H2	200	destination Show response www.googletagmanager.com/gtag/	262 KB 90 KB	86ms 85ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 0d6ac98b624586816caaa44fb37f36f386148f20bf00fa475c7fcb34310f84e8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 92533 x-xss-protection 0 last-modified Mon, 03 Jun 2024 09:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Mon, 03 Jun 2024 11:32:22 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	47 KB 17 KB	175ms 54ms	Script application/javascript	2a02:26f0:3500:16::215:1490 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:1490 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 06 May 2024 17:20:18 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=81361 accept-ranges bytes content-length 16683
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	42 KB 13 KB	160ms 42ms	Script application/javascript	2a04:4e42:200::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Wed, 22 May 2024 17:01:28 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "16b7761205515ddc0668c12c434e8f00" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 12104
GET H3	200	qevents.js Show response a.quora.com/	41 KB 14 KB	135ms 71ms	Script text/plain	162.159.153.247 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a.quora.com/qevents.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H3 Security QUIC, , AES_128_GCM Server 162.159.153.247 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT x-amz-version-id jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO content-encoding gzip cf-cache-status HIT x-amz-request-id M04HPBTPY5GDBBF5 age 5767117 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ= last-modified Thu, 28 Mar 2024 17:33:19 GMT server cloudflare x-amz-meta-s3cmd-attrs md5:87b5ecaafd0e88097cbbb1bbb7695fe9 etag W/"87b5ecaafd0e88097cbbb1bbb7695fe9" vary Accept-Encoding content-type text/plain cache-control public, max-age=14400 cf-ray 88df5cb998a9643d-LHR expires Mon, 03 Jun 2024 15:32:22 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	238ms 77ms	Script application/javascript	146.75.120.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding gzip last-modified Fri, 22 Mar 2024 21:07:24 GMT x-amz-server-side-encryption AES256 etag "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15412 x-served-by cache-iad-kiad7000168-IAD, cache-fra-etou8220118-FRA
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	536ms 88ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Mon, 03 Jun 2024 11:32:23 GMT last-modified Thu, 29 Feb 2024 19:58:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 15915767911E4D9084702AB34EB078ED Ref B: FRA31EDGE0721 Ref C: 2024-06-03T11:32:23Z etag "01b4e9c496bda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13261
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	218 KB 59 KB	216ms 54ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 03 Jun 2024 11:32:22 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 57845 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality GOOD; q=0.7, rtt=55, rtx=0, c=12, mss=1294, tbw=2798, tp=-1, tpl=-1, uplat=1, ullat=-1 pragma public x-fb-debug i3LBEyK47PM5PAkehE3doRrryjPgdE8NYn8FuJFJi0Rsg46gwiYW2jANpX9Pk5Eg0mRmLHCuNHOjAQcrqBN4DQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	1006267.js Show response tracking.g2crowd.com/attribution_tracking/conversions/	2 KB 1 KB	225ms 114ms	Script text/javascript	2606:4700:4400::6812:2b1f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&e= Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash af6ddf1001d730e7ffa215887728139badc461a99074cac35d55a19a9d6b3827 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT strict-transport-security max-age=15552000; includeSubDomains x-content-type-options nosniff content-encoding br x-permitted-cross-domain-policies none x-dns-prefetch-control off cross-origin-resource-policy cross-origin content-disposition inline x-xss-protection 0 referrer-policy no-referrer server cloudflare cross-origin-opener-policy same-origin x-download-options noopen vary Origin, Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript;charset=UTF-8 access-control-allow-origin * origin-agent-cluster ?1 cf-ray 88df5cbaea8a7707-LHR
GET H2	200	e666a54d-ff29-48f9-9baa-2be6ac05412e.js Show response j.6sc.co/j/	837 B 837 B	608ms 607ms	Script application/javascript	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id iBgsOgE4Kr3Z0Ccj2rm1wK8VxmZ_A29h content-encoding gzip date Mon, 03 Jun 2024 11:32:23 GMT x-amz-cf-pop BUD50-C1 x-amz-server-side-encryption AES256 x-amz-meta-content-type application/json content-length 438 pragma no-cache last-modified Fri, 18 Aug 2023 17:22:32 GMT server AmazonS3 etag "29df5bb770be8e518fe2206581f712a6" vary Accept-Encoding content-type application/javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes x-amz-cf-id 8rsoUYFlwl2m7BkvcVizgUWKr3imdCYEWhG-rV_WZUcLywiiEjD9bQ== expires Mon, 03 Jun 2024 11:32:23 GMT
GET H2	200	events.js Show response tags.srv.stackadapt.com/	18 KB 7 KB	309ms 147ms	Script text/javascript	52.58.95.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/events.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.58.95.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-58-95-0.eu-central-1.compute.amazonaws.com Software / Resource Hash 058fb73dd2c5e94f6089e2194b71537aae097c1c0a813c41628ef4aaf3bb54f0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Mon, 03 Jun 2024 11:32:23 GMT cache-control max-age=5 content-encoding gzip content-type text/javascript
GET H2	200	hotjar-2159185.js Show response static.hotjar.com/c/	10 KB 4 KB	219ms 61ms	Script application/javascript	18.239.94.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-2159185.js?sv=6 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.239.94.35 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-239-94-35.ams1.r.cloudfront.net Software / Resource Hash 86a66bdec39f8a70285779e9e7f4af949aaf8781587f9fc8170b7b48f83c8c82 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=2592000; includeSubDomains content-encoding br x-content-type-options nosniff date Mon, 03 Jun 2024 11:32:22 GMT via 1.1 6c43684b05a77c1925eb58e93105a976.cloudfront.net (CloudFront) x-amz-cf-pop AMS1-P3 age 5 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin etag W/dc7b53bd771bf5877aa515bf6dd57142 vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * x-cache-hit 1 cache-control max-age=60 x-amz-cf-id c8C7SRic8CieC_4rIwEOQcYZcty7EWVG558CATW7ehEsc7l-85SOHw==
GET H2	200	NeverBounce.js Show response cdn.neverbounce.com/widget/dist/	96 KB 29 KB	218ms 63ms	Script application/javascript	18.245.46.48 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.neverbounce.com/widget/dist/NeverBounce.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.46.48 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-46-48.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 02 Jun 2024 22:43:07 GMT content-encoding gzip via 1.1 9938d2bc2f9fab06207e42238c10bb32.cloudfront.net (CloudFront) last-modified Mon, 02 Mar 2020 18:37:33 GMT server AmazonS3 x-amz-cf-pop FRA56-P9 age 46156 etag W/"c1e06621030dfcba15b88abbcaa546eb" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id mVnfesIy0v6YvHo90lHsDukuyGIbhoyL3u_HcXuf_Nlaps7gckIj8Q==
GET H2	200	tracking.js Show response trk.techtarget.com/	3 KB 2 KB	250ms 98ms	Script text/javascript	2606:4700:4400::ac40:973c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk.techtarget.com/tracking.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT via 1.1 google content-encoding br cf-cache-status HIT cf-bgj minify last-modified Tue, 13 Dec 2022 15:01:39 GMT strict-transport-security max-age=0; includeSubDomains; preload age 70953 server cloudflare vary Accept-Encoding content-type text/javascript cache-control public, max-age=1200 cf-ray 88df5cbb4d1694d9-LHR expires Mon, 03 Jun 2024 11:52:22 GMT
GET H/1.1	200 OK	pixel q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/	43 B 422 B	647ms 119ms	Image image/gif	52.6.21.232 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.6.21.232 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-6-21-232.compute-1.amazonaws.com Software nginx / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Mon, 03 Jun 2024 11:32:23 GMT Strict-Transport-Security max-age=63072000; includeSubDomains; preload Server nginx Connection keep-alive Content-Length 43 X-Q-Stat ,d23e22a90a7270c40689c62d1cf977f6,10.0.0.69,29702,82.199.130.38,,247077403751,1,1717414343.349,0.002,,.,0,0,0.000,0.000,-,0,0,203,260,130,10,34729,,,,,,-, Content-Type image/gif
GET H3	200	anchor www.google.com/recaptcha/api2/ Frame 3C78	0 0	202ms 77ms	Document text/html	172.217.16.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=en&v=DH3nyJMamEclyfe-nztbfV8S&size=normal&cb=scls0h201dgj Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/DH3nyJMamEclyfe-nztbfV8S/recaptcha__en.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.16.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS zrh04s06-in-f132.1e100.net Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-lveh8cnuAhHr7ohUEU0x5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer https://www.huntress.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-lveh8cnuAhHr7ohUEU0x5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Mon, 03 Jun 2024 11:32:22 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	json Show response forms.hscollectedforms.net/collected-forms/v1/config/	133 B 452 B	165ms 146ms	XHR application/json	2606:4700::6810:6efe CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk= Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 543351d4360e32621e4bb7588aa7b81d1fbc027c580a6246938e3fc8a2dfedcc Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept application/json, text/plain, */* Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding br x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 63d0f4f2-b036-40bd-a400-7aed08ed119c x-envoy-upstream-service-time 8 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 63d0f4f2-b036-40bd-a400-7aed08ed119c server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 access-control-allow-origin https://www.huntress.com x-evy-trace-virtual-host all cache-control max-age=0 x-evy-trace-served-by-pod iad02/app-td/envoy-proxy-68b7f7fbff-sc4vs access-control-max-age 180 x-robots-tag none access-control-allow-headers * cf-ray 88df5cba8b60636a-LHR
POST H3	200	429191348 google.com/pagead/form-data/	0 0	437ms 68ms	Ping text/html	142.250.186.174 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://google.com/pagead/form-data/429191348?gtm=45be45t0v9136018371z89171248136za201zb9171248136&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&frm=0&pscdl=noapi&auid=824178263.1717414343&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.174 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f14.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers
POST H3	204	429191348 google.com/ccm/form-data/	0 17 B	340ms 67ms	Ping text/plain	142.250.186.174 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://google.com/ccm/form-data/429191348?gtm=45be45t0v9136018371z89171248136za201zb9171248136&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&frm=0&pscdl=noapi&auid=824178263.1717414343&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.174 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f14.1e100.net Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:23 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.huntress.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.analytics.google.com/g/	0 246 B	276ms 67ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-GCTMBVFESS&gtm=45je45t0v9122196611z89171248136za200zb9171248136&_p=1717414341403&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=833873694.1717414343&ul=en-gb&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1717414342&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&dt=Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2083 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:23 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.huntress.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 255 B	172ms 54ms	Ping text/plain	2a00:1450:400c:c06::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GCTMBVFESS&cid=833873694.1717414343&gtm=45je45t0v9122196611z89171248136za200zb9171248136&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:23 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.huntress.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	295ms 89ms	Image image/gif	142.250.185.195 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GCTMBVFESS&cid=833873694.1717414343&gtm=45je45t0v9122196611z89171248136za200zb9171248136&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1980042852 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.185.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s52-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:23 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	view Show response js.hs-banner.com/cookie-banner-public/v1/activity/	0 174 B	157ms 157ms	XHR text/plain	2606:4700:4400::ac40:991b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/cookie-banner-public/v1/activity/view Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-platform "Win32" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type application/json Response headers date Mon, 03 Jun 2024 11:32:23 GMT x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id d323035f-d79f-4c3a-92ec-3881fd7128df x-envoy-upstream-service-time 20 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id d323035f-d79f-4c3a-92ec-3881fd7128df server cloudflare access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://www.huntress.com x-evy-trace-virtual-host all access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing vary origin access-control-allow-credentials true x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-q4rbs timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 88df5cbcc89293e9-LHR
OPTIONS H2	200	view js.hs-banner.com/cookie-banner-public/v1/activity/ Frame	0 0	243ms 139ms	Preflight application/octet-stream	2606:4700:4400::ac40:991b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/cookie-banner-public/v1/activity/view Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.huntress.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://www.huntress.com access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing access-control-max-age 604800 cf-cache-status DYNAMIC cf-ray 88df5cbbef8993e9-LHR content-length 0 content-type application/octet-stream date Mon, 03 Jun 2024 11:32:23 GMT server cloudflare timing-allow-origin * vary origin x-envoy-upstream-service-time 0 x-evy-trace-listener listener_https x-evy-trace-route-configuration listener_https/all x-evy-trace-route-service-name envoyset-translator x-evy-trace-served-by-pod iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-2r68v x-evy-trace-virtual-host all x-hubspot-correlation-id 704a6ace-05e5-4fa7-aa14-75be2f7fedfa x-request-id 704a6ace-05e5-4fa7-aa14-75be2f7fedfa
GET H2	200	combinedConfigs Show response cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/	433 B 1 KB	199ms 184ms	Fetch application/json	2606:4700::6810:7574 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=31536000; includeSubDomains; preload x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id c2f54b1a-0ab9-4bc4-8f17-befb18a26ff3 x-envoy-upstream-service-time 36 content-length 215 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id c2f54b1a-0ab9-4bc4-8f17-befb18a26ff3 server cloudflare vary origin access-control-allow-methods OPTIONS, GET content-type application/json;charset=utf-8 access-control-allow-origin https://www.huntress.com x-evy-trace-virtual-host all access-control-max-age 180 access-control-allow-credentials true cache-control max-age=0, no-cache, no-store report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3cVhyLz53aGFDZQQ4H77h2kssFZTUaX2HWe4HuQzRhJz9DJgHwvn3Mq0HJdRYWe6fSJSTsMUgsJSOZ0%2B%2BQFkutS5Knc%2BK%2FbH4qMcDJjqFDnbP83A5unaHhuNbJgSeb%2FUFmjOptGSoKQUIJmoLDNCIWtiCHSiJ4FROII%3D"}],"group":"cf-nel","max_age":604800} x-robots-tag noindex, follow access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent cf-ray 88df5cbb7ca29472-LHR x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-qhrwc
GET H2	200	config Show response pixel-config.reddit.com/pixels/t2_12z44i/	3 B 124 B	275ms 60ms	XHR application/json	151.101.129.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/t2_12z44i/config Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT content-encoding gzip via 1.1 varnish content-type application/json access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes content-length 27
GET H2	200	t2_12z44i_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 700 B	148ms 50ms	XHR application/json	2a04:4e42:200::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT content-encoding gzip via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} server snooserv vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/json access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 98
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	254ms 59ms	Image image/gif	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1717414342945&id=t2_12z44i&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=e88ca9d5-fe1b-4bbc-b0b3-254450a14657&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_8d515a58&dpm=&dpcc=&dprc= Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	rp.gif alb.reddit.com/	42 B 75 B	221ms 60ms	Image image/gif	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1717414342959&id=t2_12z44i&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=e88ca9d5-fe1b-4bbc-b0b3-254450a14657&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_8d515a58&dpm=&dpcc=&dprc= Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H3	200	counters.gif forms.hsforms.com/embed/v3/	35 B 880 B	268ms 154ms	Image image/gif	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 1e834ad2-54e9-408c-a37c-f0beed7764e9 x-envoy-upstream-service-time 3 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 1e834ad2-54e9-408c-a37c-f0beed7764e9 server cloudflare vary origin content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-nr4kt access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false x-robots-tag none cf-ray 88df5cbceccb6101-LHR
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 816 B	410ms 267ms	XHR application/json	2620:1ec:22::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept * Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT content-encoding gzip x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: BDCE5C884A6B4F8EB78B1CD06406F678 Ref B: VIEEDGE2710 Ref C: 2024-06-03T11:32:23Z access-control-allow-methods GET, OPTIONS x-li-fabric prod-lva1 access-control-allow-origin * x-cache CONFIG_NOCACHE content-type application/json x-li-proto http/2 x-restli-protocol-version 1.0.0 access-control-allow-headers * x-li-uuid AAYZ+q/cuZv9k/jJTUHA+w== x-fs-uuid 000619faafdcb99bfd93f8c94d41c0fb
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecra... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1717414343028%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fb... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecra... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecr...	0 483 B	332ms 203ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&cookiesTest=true&liSync=true&e_ipv6=AQImtk474pDkkQAAAY_d3zUtv1viSW9k2zBlFsV5JP2tq2mL0_ZO5lw6xHPXNT2l Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer https://www.huntress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers date Mon, 03 Jun 2024 11:32:24 GMT nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 20F44DA8AFB540E991C8910424E7F9DA Ref B: DUS30EDGE0810 Ref C: 2024-06-03T11:32:24Z linkedin-action 1 report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} content-type application/javascript x-li-fabric prod-ltx1 x-cache CONFIG_NOCACHE x-li-proto http/2 content-length 0 x-li-uuid AAYZ+q/sxjQ9AOMJOTdHUg== Redirect headers date Mon, 03 Jun 2024 11:32:23 GMT nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: F6307702AF014CFC805995C840B9796B Ref B: VIEEDGE1807 Ref C: 2024-06-03T11:32:23Z linkedin-action 1 report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1717414343028&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&cookiesTest=true&liSync=true&e_ipv6=AQImtk474pDkkQAAAY_d3zUtv1viSW9k2zBlFsV5JP2tq2mL0_ZO5lw6xHPXNT2l x-cache CONFIG_NOCACHE x-li-proto http/2 content-length 0 x-li-uuid AAYZ+q/nnwf6raRCxznGkg==
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 837 B	390ms 254ms	XHR text/plain	2620:1ec:22::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept * Referer https://www.huntress.com/ sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:22 GMT nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: FF7780F06935408990CD3B6D7F56902F Ref B: VIEEDGE1807 Ref C: 2024-06-03T11:32:23Z linkedin-action 1 vary Origin report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} x-li-fabric prod-ltx1 access-control-allow-origin https://www.huntress.com x-cache CONFIG_NOCACHE x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYZ+q/dLMuTJR40dzhjGQ==
GET H2	200	adsct t.co/1/i/	43 B 375 B	345ms 174ms	Image image/gif	93.184.221.165 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=c40ca8db-ee0a-45a8-8d21-270fd94f3923&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=25fa176a-9ddc-47d9-81bc-8a6bc6f94dbf&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_256_GCM Server 93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 104 date Mon, 03 Jun 2024 11:32:23 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 7cc4917c34d75639 cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash de118de344a1a19467b0bd80b3ac75ea87ecc0c507866f691d23270cdc23e734 content-length 43
GET H2	200	adsct analytics.twitter.com/1/i/	43 B 725 B	357ms 232ms	Image image/gif	104.244.42.67 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=c40ca8db-ee0a-45a8-8d21-270fd94f3923&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=25fa176a-9ddc-47d9-81bc-8a6bc6f94dbf&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.67 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_f / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-response-time 188 date Mon, 03 Jun 2024 11:32:23 GMT strict-transport-security max-age=631138519 server tsa_f content-type image/gif;charset=utf-8 x-transaction-id 962316565ff9672b cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash 67ad8724f2a23bd1ee679fc07061b8282b9ebe7570e165c02c8837599508cb99 content-length 43
GET H2	200	modules.6c99e208a7eca4afc439.js Show response script.hotjar.com/	222 KB 55 KB	180ms 54ms	Script application/javascript	18.65.39.52 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.6c99e208a7eca4afc439.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.65.39.52 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-65-39-52.ams1.r.cloudfront.net Software / Resource Hash d6988b19f8a766d35b2c6ab03163ba8f842bbc1374f4fcb4c9ac2ff313b2a97e Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 09:17:07 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) x-amz-cf-pop AMS1-P1 age 8116 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 56116 last-modified Mon, 03 Jun 2024 09:16:30 GMT etag "7df4bc9bd439517b3d70061e6466bdfd" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes x-robots-tag none x-amz-cf-id G6XUvBJRfnStGm6H_WyKxRilbKN6Ne_PQRm7y81ho2a6lbNvDRqlZw==
POST H2	200	assign tracking.g2crowd.com/attribution_tracking/conversions/	0 0	158ms 157ms	Ping text/html	2606:4700:4400::6812:2b1f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tracking.g2crowd.com/attribution_tracking/conversions/assign Requested by Host: tracking.g2crowd.com URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&e= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-platform "Win32" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryoTgtvMRbAy04fAAN Response headers
GET H2	200	gif.gif Show response ibc-flow.techtarget.com/a/	43 B 452 B	168ms 163ms	XHR image/gif	34.111.208.231 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1717414343083&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&version=2.4 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 231.208.111.34.bc.googleusercontent.com Software nginx/1.20.2 / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Request headers ibc_rate_tier 17715818 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT via 1.1 google x-guploader-uploadid ABPtcPq16Mnyv4iYV7gTOLMGR2RXFgYGqOp7OzGVPjIQIjmszZv0HBAqRPXyPR7nQdoxt7jTS6k x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 last-modified Thu, 08 Dec 2022 21:19:29 GMT server nginx/1.20.2 etag "fc94fb0c3ed8a8f909dbc7630a0987ff" vary Origin x-goog-generation 1670534369365034 content-type image/gif access-control-allow-origin * x-goog-hash crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w== cache-control public, max-age=3600 access-control-allow-methods GET, POST, OPTIONS x-goog-stored-content-length 43 accept-ranges bytes access-control-allow-headers ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range expires Mon, 03 Jun 2024 12:32:23 GMT
GET H2	200	403957864408442 Show response connect.facebook.net/signals/config/	66 KB 14 KB	185ms 184ms	Script application/x-javascript	2a03:2880:f083:9:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/403957864408442?v=2.9.156&r=stable&domain=www.huntress.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 623fa4b6cd4e0f6ae1e5e3827c0e0a8fdc4c65b4367141deb69813ef292c1fdd Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Mon, 03 Jun 2024 11:32:23 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality GOOD; q=0.7, rtt=52, rtx=0, c=65, mss=1294, tbw=63374, tp=-1, tpl=-1, uplat=130, ullat=0 pragma public x-fb-debug cSttzfpw4k/9gQN+ZyC4CnPZHAmervCsIjnrHEnIhAehKdXhunl9HBEwDQotJOq5BIQ6c2dhEBZPA7HmHpTTUg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	sa.css tags.srv.stackadapt.com/	65 B 203 B	150ms 149ms	Stylesheet text/css	52.58.95.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.css Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.58.95.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-58-95-0.eu-central-1.compute.amazonaws.com Software / Resource Hash 7f07fbce6624746044c339f1475d3667e554857a6660c5a30792bb4fa8d3e934 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Mon, 03 Jun 2024 11:32:23 GMT cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 65 content-type text/css
GET H2	200	sa.jpeg Show response tags.srv.stackadapt.com/	0 2 KB	255ms 145ms	Fetch image/jpeg	52.58.95.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.jpeg Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.58.95.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-58-95-0.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Mon, 03 Jun 2024 11:32:23 GMT cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 651 content-type image/jpeg
GET H2	200	sa.jpeg Show response tags.srv.stackadapt.com/	0 0	257ms 257ms	Fetch image/jpeg	52.58.95.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.jpeg Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.58.95.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-58-95-0.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Mon, 03 Jun 2024 11:32:23 GMT cache-control only-if-cached, no-transform, private, max-age=7776000 content-length 651 content-type image/jpeg
GET H3	200	counters.gif perf-na1.hsforms.com/embed/v3/	35 B 890 B	173ms 157ms	Image image/gif	104.18.80.204 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status MISS x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id 5d69efd1-8f6e-46fb-a1a1-d11a646b6d27 x-envoy-upstream-service-time 11 alt-svc h3=":443"; ma=86400 content-length 35 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id 5d69efd1-8f6e-46fb-a1a1-d11a646b6d27 last-modified Mon, 03 Jun 2024 11:32:23 GMT server cloudflare vary origin, Accept-Encoding content-type image/gif x-evy-trace-virtual-host all x-evy-trace-served-by-pod iad02/star-hubspot-td/envoy-proxy-9fd6b4b-xjgjj access-control-expose-headers X-Origin-Hublet cache-control max-age=0, no-cache, no-store access-control-allow-credentials false accept-ranges bytes x-robots-tag none cf-ray 88df5cbd6d766101-LHR
OPTIONS H2	200	gif.gif ibc-flow.techtarget.com/a/ Frame	0 0	289ms 157ms	Preflight text/html	34.111.208.231 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1717414343083&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&version=2.4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 231.208.111.34.bc.googleusercontent.com Software nginx/1.20.2 / Resource Hash Request headers Accept */* Access-Control-Request-Headers ibc_rate_tier Access-Control-Request-Method GET Origin https://www.huntress.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-headers ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Mon, 03 Jun 2024 11:32:23 GMT expires Mon, 03 Jun 2024 11:32:23 GMT server nginx/1.20.2 vary Origin via 1.1 google x-guploader-uploadid ABPtcPrMN--N4g50CbEKQjN_zzdb9cvySgos3CI0Pa-Bn7Yumoiqz7Y084MfxdRoz2GN_dYavpA
GET H2	200	6si.min.js Show response j.6sc.co/	66 KB 153 B	77ms 77ms	Script application/javascript	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: j.6sc.co URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:23 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 09 May 2024 06:01:25 GMT server nginx/1.14.0 (Ubuntu) etag "663c66b5-106b3" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 18038 expires Mon, 03 Jun 2024 11:32:23 GMT
GET H2	200	notify Show response api.neverbounce.com/v4/poe/	63 B 283 B	389ms 129ms	Script application/javascript	54.198.84.6 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_939974 Requested by Host: cdn.neverbounce.com URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.198.84.6 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-198-84-6.compute-1.amazonaws.com Software nginx / Resource Hash 0a1457acaf1913331b49dd44ef3d3d1632c5a8c4de0648dd7ff5d937012f2d20 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains server nginx vary Accept-Encoding content-type application/javascript cache-control no-cache, private x-ua-compatible IE=Edge
GET H2	200	187059084.js Show response bat.bing.com/p/action/	4 KB 2 KB	79ms 78ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/187059084.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding br date Mon, 03 Jun 2024 11:32:23 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: E7743DDCD5D94CC5A2168E2207868371 Ref B: FRA31EDGE0721 Ref C: 2024-06-03T11:32:23Z vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript; charset=utf-8 cache-control private,max-age=60
GET H2	204	0 bat.bing.com/action/	0 286 B	127ms 126ms	Image text/plain	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=09c8cd17-d081-4051-ab14-b43e36b39491&sid=f22f3f00219c11efac6e8fb07e53d0cb&vid=f22f49b0219c11ef9f5bf7e86c07afe9&vids=1&msclkid=N&pi=918639831&lg=en-GB&sw=1600&sh=1200&sc=24&tl=Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&r=&lt=1790&pt=1717414340812,,,,,0,52,52,52,213,105,213,317,327,321,1776,1780,1790,,,&pn=0,0&evt=pageLoad&sv=1&rn=272132 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Mon, 03 Jun 2024 11:32:23 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: F5C0C3323CDD42488E4151424D8E8F3F Ref B: FRA31EDGE0721 Ref C: 2024-06-03T11:32:23Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 194 B	87ms 67ms	XHR text/html	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.huntress.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	14 B 301 B	262ms 72ms	XHR text/html	2a02:26f0:480:22::1726:62ee AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:22::1726:62ee Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 55d9d0bb9c7ea20950e9af6b9315631d26715693ef813f1d44b6b6c45a381045 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:23 GMT vary Origin content-type text/html access-control-allow-origin https://www.huntress.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a01:4a0:2c::8 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1717414343462_389993774_578304142_25_920_52_132_219";dur=1 content-length 14 expires Mon, 03 Jun 2024 11:32:23 GMT
GET H2	200	/ www.facebook.com/tr/	0 269 B	190ms 68ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&rl=&if=false&ts=1717414343377&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1717414343372.891276071&cs_est=true&ler=empty&cdl=API_unavailable&it=1717414343100&coo=false&rqm=GET Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-fb-connection-quality GOOD; q=0.7, rtt=53, rtx=0, c=10, mss=1294, tbw=2804, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Mon, 03 Jun 2024 11:32:23 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 4 KB	283ms 161ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&rl=&if=false&ts=1717414343377&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1717414343372.891276071&cs_est=true&ler=empty&cdl=API_unavailable&it=1717414343100&coo=false&rqm=FGET Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers attribution-reporting-register-trigger {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x24fb55e3bc01efdc","source_keys":["1","2"]},{"key_piece":"0xf7b735ebe5910a04","source_keys":["1","2"]}],"aggregatable_values":{"1":1}} content-encoding zstd x-content-type-options nosniff content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; strict-transport-security max-age=15552000; preload document-policy force-load-at-top date Mon, 03 Jun 2024 11:32:23 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality GOOD; q=0.7, rtt=61, rtx=0, c=12, mss=1294, tbw=3117, tp=-1, tpl=-1, uplat=106, ullat=0 pragma no-cache x-fb-debug d1tTvytdAkSwB+Q956f2zPstyEuuCaalIx5lkjvNLVzeGp0hb5/zzzMIX4V+1PPEtSc+zPLlZMLNCViyjw+x+Q== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	saq_pxl Show response tags.srv.stackadapt.com/	138 B 333 B	147ms 146ms	XHR text/plain	52.58.95.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&t=Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress&tip=Bf4vUsOx3wJgS4Tm0puPW9ccB-OGmfssSYYo69trPI4&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=%270-f01ebf11-f621-525d-7ab8-380928406eb8%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9f01ebf11f621525d7ab8380928406eb852c78226&sa-user-id-v3=s%253AAQAKIFk5XWeZvLUwbGvr_4jD4T-xgfdMR81R_yuxbmcoe5pJEHwYBCDG0_ayBjABOgSTRxQUQgTPkB-3.InXLRdr3E7eolDUHBv3BWo4prz6g84aH02GU97U0baU&sa-user-id-v2=s%253A8B6_EfYhUl16uDgJKEBuuFLHgiY.BiFni9fynyekwZL9USJGW7IF2w7xm1bw0Ntewk9uq7Y&sa-user-id=s%253A0-f01ebf11-f621-525d-7ab8-380928406eb8.y2Yc1gSwt2ie%252B5Lo64sc5Tktbztp1X%252FoMPfSGFbd5e8 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.58.95.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-58-95-0.eu-central-1.compute.amazonaws.com Software / Resource Hash fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin https://www.huntress.com date Mon, 03 Jun 2024 11:32:23 GMT access-control-allow-credentials true access-control-allow-headers * content-length 138 access-control-allow-methods GET content-type text/plain; charset=utf-8
GET H2	200	saq_pxl Show response tags.srv.stackadapt.com/	138 B 333 B	148ms 147ms	XHR text/plain	52.58.95.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&t=Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress&tip=Bf4vUsOx3wJgS4Tm0puPW9ccB-OGmfssSYYo69trPI4&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9f01ebf11f621525d7ab8380928406eb852c78226&sa-user-id-v3=s%253AAQAKIFk5XWeZvLUwbGvr_4jD4T-xgfdMR81R_yuxbmcoe5pJEHwYBCDG0_ayBjABOgSTRxQUQgTPkB-3.InXLRdr3E7eolDUHBv3BWo4prz6g84aH02GU97U0baU&sa-user-id-v2=s%253A8B6_EfYhUl16uDgJKEBuuFLHgiY.BiFni9fynyekwZL9USJGW7IF2w7xm1bw0Ntewk9uq7Y&sa-user-id=s%253A0-f01ebf11-f621-525d-7ab8-380928406eb8.y2Yc1gSwt2ie%252B5Lo64sc5Tktbztp1X%252FoMPfSGFbd5e8 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.58.95.0 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-58-95-0.eu-central-1.compute.amazonaws.com Software / Resource Hash fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin https://www.huntress.com date Mon, 03 Jun 2024 11:32:23 GMT access-control-allow-credentials true access-control-allow-headers * content-length 138 access-control-allow-methods GET content-type text/plain; charset=utf-8
GET H2	200	187059084 Show response www.clarity.ms/tag/uet/	816 B 1 KB	346ms 154ms	Script application/x-javascript	2620:1ec:bdf::67 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/tag/uet/187059084 Requested by Host: bat.bing.com URL: https://bat.bing.com/p/action/187059084.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash c4c4fbde148d80826237b638eaf35e137e05cac92597ffccc14f9d9a22993764 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers expires -1 date Mon, 03 Jun 2024 11:32:23 GMT x-azure-ref 20240603T113223Z-16577d9575d275f6rdkr0n4r8n00000000q00000000130s1 x-cache CONFIG_NOCACHE content-type application/x-javascript cache-control no-cache, no-store accept-ranges bytes content-length 816 request-context appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
GET H2	204	2159185 Show response vc.hotjar.io/sessions/	0 232 B	212ms 81ms	XHR text/plain	18.66.112.79 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vc.hotjar.io/sessions/2159185?s=0.25&r=0.007202912281320417 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.79 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-79.fra56.r.cloudfront.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Mon, 03 Jun 2024 11:32:23 GMT cache-control no-store via 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P5 x-amz-cf-id SLXLJCyHXoTUDaZiPosbw5Iu16LafNgxSHCoAMos6N6e1SEDR5JZYA== x-cache Miss from cloudfront
GET BLOB	200 OK	d2be0ec5-d973-430a-a882-723dbf8ef018 https://www.huntress.com/	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL blob:https://www.huntress.com/d2be0ec5-d973-430a-a882-723dbf8ef018 Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer https://www.huntress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Length 43 Content-Type image/gif
GET H3	200	bframe www.google.com/recaptcha/api2/ Frame 8749	0 0	67ms 66ms	Document text/html	172.217.16.132 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/bframe?hl=en&v=DH3nyJMamEclyfe-nztbfV8S&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/DH3nyJMamEclyfe-nztbfV8S/recaptcha__en.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.217.16.132 , United States, ASN15169 (GOOGLE, US), Reverse DNS zrh04s06-in-f132.1e100.net Software GSE / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-QBX90_mseM3VP0BiMMAVwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer https://www.huntress.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-QBX90_mseM3VP0BiMMAVwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Mon, 03 Jun 2024 11:32:23 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	clarity.js Show response www.clarity.ms/s/0.7.32/	61 KB 26 KB	108ms 108ms	Script application/javascript	2620:1ec:bdf::67 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://www.clarity.ms/s/0.7.32/clarity.js Requested by Host: www.clarity.ms URL: https://www.clarity.ms/tag/uet/187059084 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:23 GMT content-encoding br last-modified Fri, 10 May 2024 17:30:20 GMT etag W/"0x8DC7116DE09E645" vary Accept-Encoding x-azure-ref 20240603T113223Z-16577d9575d275f6rdkr0n4r8n00000000q00000000130sd content-type application/javascript;charset=utf-8 access-control-allow-origin * x-ms-request-id 2f4a3c8b-c01e-0014-6791-ab66b4000000 cache-control public, max-age=86400 x-cache TCP_HIT x-ms-version 2018-03-28 x-fd-int-roxy-purgeid 51562430
POST H/1.1	204 No Content	collect Show response t.clarity.ms/	0 296 B	742ms 461ms	XHR text/plain	20.114.189.70 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://t.clarity.ms/collect Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept application/x-clarity-gzip Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.huntress.com Date Mon, 03 Jun 2024 11:32:24 GMT Access-Control-Allow-Credentials true Server nginx/1.18.0 (Ubuntu) Connection keep-alive Vary Origin Request-Context appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
GET H2	200	getuidj Show response secure.adnxs.com/	11 B 702 B	205ms 76ms	XHR application/json	185.89.210.180 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d Security Headers Name Value X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:24 GMT an-x-request-uuid 6a650f8b-b9eb-4937-8559-6016d49d7eb6 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type application/json; charset=utf-8 access-control-allow-origin https://www.huntress.com cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 82.199.130.38; 82.199.130.38; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com content-length 11 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 194 B	72ms 65ms	XHR text/html	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:24 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.huntress.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	14 B 300 B	60ms 54ms	XHR text/html	2a02:26f0:480:22::1726:62ee AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:22::1726:62ee Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 55d9d0bb9c7ea20950e9af6b9315631d26715693ef813f1d44b6b6c45a381045 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:24 GMT vary Origin content-type text/html access-control-allow-origin https://www.huntress.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a01:4a0:2c::8 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1717414344453_389993774_578304691_20_1119_52_0_219";dur=1 content-length 14 expires Mon, 03 Jun 2024 11:32:24 GMT
GET H2	200	blockedDomains.json Show response hubspotonwebflow.com/assets/js/	98 KB 23 KB	192ms 191ms	Fetch application/json	76.76.21.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://hubspotonwebflow.com/assets/js/blockedDomains.json Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash 944352d0198c673b45a699471c970aef85458ea3c58a3ed825b0f0e4f33f999c Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:24 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id lhr1::v9w4n-1717414344564-0eb03e4ac3bf age 1431537 x-matched-path /assets/js/blockedDomains.json etag W/"04708d47dd194d37b8231a65de7a66f1" x-vercel-cache HIT content-type application/json; charset=utf-8 access-control-allow-origin * cache-control public, max-age=0, must-revalidate content-disposition inline; filename="blockedDomains.json"
GET H2	200	blockList Show response hubspotonwebflow.com/api/forms/	47 B 352 B	164ms 163ms	Fetch application/json	76.76.21.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://hubspotonwebflow.com/api/forms/blockList?id=c32ae9e7-4a4b-4436-a6e4-0de41bd8df62 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:24 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id lhr1::iad1::wbz6s-1717414344451-88879c45bef9 age 0 x-matched-path /api/forms/blockList x-vercel-cache MISS vary RSC, Next-Router-State-Tree, Next-Router-Prefetch access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin * x-vercel-execution-region iad1 cache-control public, max-age=0, must-revalidate access-control-allow-headers Content-Type, Authorization
GET H3	200	zi-tag.js Show response js.zi-scripts.com/	9 KB 3 KB	132ms 66ms	Script application/javascript	172.64.150.44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/zi-tag.js Requested by Host: www.huntress.com URL: https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:24 GMT x-amz-version-id 4TVPkf0eH3kVl0Vjj3KPZI_FUiecs6et content-encoding gzip cf-cache-status DYNAMIC via 1.1 2a0b2de39bbda8e631dd7bce49626470.cloudfront.net (CloudFront) x-amz-cf-pop LHR62-C2 age 25401 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Wed, 15 May 2024 06:37:27 GMT server cloudflare etag W/"5c7228fc2640a4dfce48217428980fe3" vary Accept-Encoding content-type application/javascript cf-ray 88df5cc5385d06d5-LHR x-amz-cf-id C0Erh4S4eS_y1PZ4gBa09OxC7QLZ730Yl5pbEYOcmW8pFlPbPYhkAA==
GET H2	200	__ptq.gif track.hubspot.com/	45 B 1 KB	294ms 181ms	Image image/gif	2606:4700::6810:7674 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=75291610&v=1.1&a=3911692&rcu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&t=Smuggler%E2%80%99s+Gambit%3A+Uncovering+HTML+Smuggling+Adversary+in+the+Middle+Tradecraft+%7C+Huntress&cts=1717414344434&vi=74d8013e3e8d3e59fce631aa5972563d&nc=true&ce=false&pt=1&cc=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:24 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-evy-trace-route-service-name envoyset-translator x-hubspot-correlation-id a38e926d-4915-482f-8b16-c91bec4628ab p3p CP="NOI CUR ADM OUR NOR STA NID" x-envoy-upstream-service-time 24 content-length 45 x-evy-trace-route-configuration listener_https/all x-evy-trace-listener listener_https x-request-id a38e926d-4915-482f-8b16-c91bec4628ab server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vKEeLzTcNYyKTpG99n9iVxGwonfHZ01PPqrj4GTDL9sn1vjNAjc16v5Dayg2FJvL0RKSEV2bePdnYElTTi%2FnXB%2FdQJsHwe6Xskt1wa8KpnGzrB7R81Sy5oqZd8RRP8QkiisAjohPH4HXAV8o409u"}],"group":"cf-nel","max_age":604800} content-type image/gif x-evy-trace-served-by-pod iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-v5zn2 x-evy-trace-virtual-host all cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 88df5cc58a3624f0-LHR x-robots-tag none
GET H2	200	c.gif c.clarity.ms/ Redirect Chain https://c.clarity.ms/c.gif https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=16388F2E8B294540B0B0703E98DB93AB&RedC=c.clarity.ms&MXFR=27F7AF82C940679F23E8BB11CD4069A5 https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=16388F2E8B294540B0B0703E98DB93AB&MUID=182B544953F067651EC340DA525C6657	42 B 464 B	65ms 65ms	Image image/gif	68.219.88.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=16388F2E8B294540B0B0703E98DB93AB&MUID=182B544953F067651EC340DA525C6657 Protocol H2 Server 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12 Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer https://www.huntress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:24 GMT last-modified Fri, 01 Mar 2024 22:54:48 GMT server Microsoft-IIS/10.0 etag "3e26b762b6cda1:0" x-powered-by ASP.NET content-type image/gif p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" cache-control private, no-cache, proxy-revalidate, no-store accept-ranges bytes content-length 42 Redirect headers pragma no-cache date Mon, 03 Jun 2024 11:32:24 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 8E8ABECAA06C4D6281CAB4451AA004C0 Ref B: VIEEDGE2509 Ref C: 2024-06-03T11:32:24Z x-powered-by ASP.NET x-cache CONFIG_NOCACHE p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" location https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=16388F2E8B294540B0B0703E98DB93AB&MUID=182B544953F067651EC340DA525C6657 cache-control private, no-cache, proxy-revalidate, no-store content-length 0
GET H3	200	66030a0ceace49bce51c36de_favicon-32x32.png cdn.prod.website-files.com/6579dd0b5f9a54376d296915/	1 KB 2 KB	54ms 54ms	Other image/png	172.64.153.29 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.website-files.com/6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.153.29 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c12f11d824a0e7cb513ff4574c1664ac5c3949efc35896edeb0612fe45f1c00b Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:24 GMT x-amz-version-id zgVWaHGriVUpkEY2ghAZ8_qygV1PEHYb cf-cache-status HIT x-amz-request-id 8E3NV4BECD7BWXED age 322854 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 1294 x-amz-id-2 /YipIOFvY4/jM7gNj41XdfmfPfY4g1xlpG0A+Z0a36RLgnxiMPhr6qia2PZTBzCopb0QHHdCjW4= last-modified Tue, 26 Mar 2024 17:46:53 GMT server cloudflare etag "966e794cd99e0b0b48cd4df13cdc04a5" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes cf-ray 88df5cc4fb6e6537-LHR expires Tue, 03 Jun 2025 11:32:24 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	193ms 168ms	Image image/gif	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=c07081a6-8883-4543-8ffb-290950eea39f&session=a2bf18e2-cb0e-4e60-8240-7f19915564f8&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A2c%3A%3A8%22%7D&isIframe=false&m=%7B%22description%22%3A%22Blowing%20the%20lid%20off%20of%20interesting%20adversary-in-the-middle%20tradecraft%20observed%20in%20the%20Huntress%20partner%20identities.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pageViewId=620cb642-f149-4713-898a-cd87da3aa2e2&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:24 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Mon, 03 Jun 2024 11:32:24 GMT
OPTIONS H3	204	getSubscriptions js.zi-scripts.com/unified/v1/master/ Frame	0 0	267ms 195ms	Preflight	172.64.150.44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/unified/v1/master/getSubscriptions Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,content-type,visited_url Access-Control-Request-Method GET Origin https://www.huntress.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-headers * access-control-allow-methods * access-control-allow-origin * access-control-max-age 0 alt-svc h3=":443"; ma=86400 apigw-requestid Yyd3aiusPHcEP9Q= cf-cache-status DYNAMIC cf-ray 88df5cc61a679584-LHR date Mon, 03 Jun 2024 11:32:24 GMT server cloudflare vary Access-Control-Request-Headers via 1.1 2a0b2de39bbda8e631dd7bce49626470.cloudfront.net (CloudFront) x-amz-cf-id -Osj6mWoPdRt-3xT9s8X-bYLeU197mjKXiS06lt_mfobEfeybDotNQ== x-amz-cf-pop LHR62-C2 x-cache Miss from cloudfront x-powered-by Express
GET H3	200	getSubscriptions Show response js.zi-scripts.com/unified/v1/master/	150 B 522 B	194ms 194ms	Fetch application/json	172.64.150.44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/unified/v1/master/getSubscriptions Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 98513e87bfe8b25c37f8d5662749cc719769e6b55c2556ace1a2be6d4f22448b Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-platform "Win32" Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 Authorization Bearer 5880e3e5891679926699 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type application/json Referer https://www.huntress.com/ visited_url https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Response headers date Mon, 03 Jun 2024 11:32:25 GMT via 1.1 e8e3e4a0596538784f828169a2baf0c2.cloudfront.net (CloudFront) content-encoding gzip cf-cache-status DYNAMIC x-amz-cf-pop LHR62-C2 x-powered-by Express x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 apigw-requestid Yyd3ci8UPHcESZA= server cloudflare etag W/"96-lVrNwM51ACd79TJ+07pJqgvoj+I" content-type application/json; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cf-ray 88df5cc75bcc9584-LHR x-amz-cf-id TFgLZgRnkfEfthx_cHJtZgqCa0oq8TZpXIbArlXUQ1s0ie8ROQ63mQ==
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	178ms 165ms	Image image/gif	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=c07081a6-8883-4543-8ffb-290950eea39f&session=a2bf18e2-cb0e-4e60-8240-7f19915564f8&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Blowing%20the%20lid%20off%20of%20interesting%20adversary-in-the-middle%20tradecraft%20observed%20in%20the%20Huntress%20partner%20identities.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pageViewId=620cb642-f149-4713-898a-cd87da3aa2e2&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:24 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Mon, 03 Jun 2024 11:32:24 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	179ms 167ms	Image image/gif	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=c07081a6-8883-4543-8ffb-290950eea39f&session=a2bf18e2-cb0e-4e60-8240-7f19915564f8&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c081b6bcc07a45b013b81ff3441b82387640805c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228769192b-20ba-4df2-8d62-2740a805c3e8%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Blowing%20the%20lid%20off%20of%20interesting%20adversary-in-the-middle%20tradecraft%20observed%20in%20the%20Huntress%20partner%20identities.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pageViewId=620cb642-f149-4713-898a-cd87da3aa2e2&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:24 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 02:04:22 GMT server nginx/1.14.0 (Ubuntu) etag "63f03226-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Mon, 03 Jun 2024 11:32:24 GMT
POST H/1.1	204 No Content	collect Show response t.clarity.ms/	0 296 B	141ms 140ms	XHR text/plain	20.114.189.70 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://t.clarity.ms/collect Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept application/x-clarity-gzip Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Access-Control-Allow-Origin https://www.huntress.com Date Mon, 03 Jun 2024 11:32:25 GMT Access-Control-Allow-Credentials true Server nginx/1.18.0 (Ubuntu) Connection keep-alive Vary Origin Request-Context appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
GET H3	200	/ Show response ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/	3 KB 2 KB	395ms 346ms	Fetch text/javascript	104.16.118.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1717414500000/5d3cypit2iz8.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 3ea033d57d3eae44adf1406c2a0b90e5baa103b24fe4f33f5e03727534edba06 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type text/javascript visited-url https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Referer https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft _vtok ODIuMTk5LjEzMC4zOA== _zitok 47ad2823439c6f0dbcee1717414344 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 11:32:25 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 google server cloudflare x-powered-by Express vary Accept-Encoding content-type text/javascript access-control-allow-origin https://www.huntress.com access-control-allow-credentials true x-robots-tag noindex, nofollow access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url alt-svc h3=":443"; ma=86400 cf-ray 88df5cca8c9e957d-LHR
OPTIONS H3	200	/ ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/ Frame	0 0	259ms 197ms	Preflight text/html	104.16.118.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers _vtok,_zitok,content-type,visited-url Access-Control-Request-Method GET Origin https://www.huntress.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url access-control-allow-origin https://www.huntress.com allow GET,HEAD alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 88df5cc8f9e19532-LHR content-encoding gzip content-type text/html; charset=utf-8 date Mon, 03 Jun 2024 11:32:25 GMT server cloudflare via 1.1 google x-content-type-options nosniff x-powered-by Express x-robots-tag noindex, nofollow
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	196ms 196ms	Image image/gif	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=c07081a6-8883-4543-8ffb-290950eea39f&session=a2bf18e2-cb0e-4e60-8240-7f19915564f8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A25%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A22%20GMT%22%2C%22timeSpent%22%3A%223359%22%2C%22totalTimeSpent%22%3A%223359%22%7D&isIframe=false&m=%7B%22description%22%3A%22Blowing%20the%20lid%20off%20of%20interesting%20adversary-in-the-middle%20tradecraft%20observed%20in%20the%20Huntress%20partner%20identities.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pageViewId=620cb642-f149-4713-898a-cd87da3aa2e2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:25 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Mon, 03 Jun 2024 11:32:25 GMT
GET BLOB	200 OK	274d2e8c-9fd8-4140-9ac0-a06b8eb7b3e4 Show response https://www.huntress.com/	3 KB 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.huntress.com/274d2e8c-9fd8-4140-9ac0-a06b8eb7b3e4 Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 3ea033d57d3eae44adf1406c2a0b90e5baa103b24fe4f33f5e03727534edba06 Request headers Accept-Language en-GB,en;q=0.9;q=0.9 Referer https://www.huntress.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers Content-Length 2932 Content-Type text/javascript
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	170ms 169ms	Image image/gif	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=c07081a6-8883-4543-8ffb-290950eea39f&session=a2bf18e2-cb0e-4e60-8240-7f19915564f8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A26%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A25%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224360%22%7D&isIframe=false&m=%7B%22description%22%3A%22Blowing%20the%20lid%20off%20of%20interesting%20adversary-in-the-middle%20tradecraft%20observed%20in%20the%20Huntress%20partner%20identities.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pageViewId=620cb642-f149-4713-898a-cd87da3aa2e2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:26 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Mon, 03 Jun 2024 11:32:26 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	169ms 168ms	Image image/gif	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=c07081a6-8883-4543-8ffb-290950eea39f&session=a2bf18e2-cb0e-4e60-8240-7f19915564f8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A27%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A26%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225360%22%7D&isIframe=false&m=%7B%22description%22%3A%22Blowing%20the%20lid%20off%20of%20interesting%20adversary-in-the-middle%20tradecraft%20observed%20in%20the%20Huntress%20partner%20identities.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pageViewId=620cb642-f149-4713-898a-cd87da3aa2e2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:27 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Mon, 03 Jun 2024 11:32:27 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	168ms 167ms	Image image/gif	2.17.147.176 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=c07081a6-8883-4543-8ffb-290950eea39f&session=a2bf18e2-cb0e-4e60-8240-7f19915564f8&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A28%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2003%20Jun%202024%2011%3A32%3A27%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226361%22%7D&isIframe=false&m=%7B%22description%22%3A%22Blowing%20the%20lid%20off%20of%20interesting%20adversary-in-the-middle%20tradecraft%20observed%20in%20the%20Huntress%20partner%20identities.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Smuggler%E2%80%99s%20Gambit%3A%20Uncovering%20HTML%20Smuggling%20Adversary%20in%20the%20Middle%20Tradecraft%20%7C%20Huntress%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fsmugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft&pageViewId=620cb642-f149-4713-898a-cd87da3aa2e2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.20 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-147-176.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://www.huntress.com/ Accept-Language en-GB,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Mon, 03 Jun 2024 11:32:28 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Mon, 03 Jun 2024 11:32:28 GMT