swarm.ptsecurity.com Open in urlscan Pro
217.73.60.13 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Submission: On July 04 via api (July 4th 2024, 2:12:34 am UTC) from TR — Scanned from DE

Summary HTTP 38 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 38 HTTP transactions. The main IP is 217.73.60.13, located in Russian Federation and belongs to CROC_INC, RU. The main domain is swarm.ptsecurity.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on July 26th 2023. Valid for: a year.

This is the only time swarm.ptsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	217.73.60.13 217.73.60.13	51219 (CROC_INC) (CROC_INC)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
6 13	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c1d::9b	15169 (GOOGLE) (GOOGLE)
2	172.217.18.3 172.217.18.3	15169 (GOOGLE) (GOOGLE)
1	172.217.16.196 172.217.16.196	15169 (GOOGLE) (GOOGLE)
38	12

16 217.73.60.13 (Russian Federation)

ASN51219 (CROC_INC, RU)
PTR: c2-217-73-60-13.elastic.cloud.croc.ru

swarm.ptsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a02:6b8::1:119 (Moscow, Russian Federation) 6 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.webvisor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c1d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f196.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	ptsecurity.com swarm.ptsecurity.com	2 MB
9	yandex.ru 4 redirects mc.yandex.ru — Cisco Umbrella Rank: 3382	7 KB
2	google.de www.google.de — Cisco Umbrella Rank: 8088	126 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136	408 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3125 www.google.com — Cisco Umbrella Rank: 5	63 B
2	yandex.com 1 redirects mc.yandex.com — Cisco Umbrella Rank: 8749	894 B
2	webvisor.org 1 redirects mc.webvisor.org — Cisco Umbrella Rank: 25201	1005 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 71	21 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	166 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	81 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 83	1 KB
38	12

	Domain	Requested by
16	swarm.ptsecurity.com	swarm.ptsecurity.com
9	mc.yandex.ru	4 redirects swarm.ptsecurity.com cdn.jsdelivr.net
2	www.google.de	swarm.ptsecurity.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	mc.yandex.com	1 redirects swarm.ptsecurity.com
2	mc.webvisor.org	1 redirects swarm.ptsecurity.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagmanager.com	swarm.ptsecurity.com www.googletagmanager.com
1	www.google.com	swarm.ptsecurity.com
1	region1.analytics.google.com	www.googletagmanager.com
1	cdn.jsdelivr.net	swarm.ptsecurity.com
1	fonts.googleapis.com	swarm.ptsecurity.com
38	13

This site contains links to these domains. Also see Links.

Domain
twitter.com
github.com
airbus-seclab.github.io
www.compass-security.com
zolder.io
www.blackhat.com

Subject Issuer	Validity	Valid
*.ptsecurity.com GlobalSign RSA OV SSL CA 2018	`2023-07-26` - `2024-08-25`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2024-05-23` - `2024-11-02`	5 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.de WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Frame ID: 4712DFE9C44D2269FA8249F38BC52D3C
Requests: 38 HTTP requests in this frame

Frame: https://mc.yandex.ru/metrika/metrika_match.html
Frame ID: 6BF4365AE8D7CCCADE7C5614026925D7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inside Xerox WorkCentre: Two Unauthenticated RCEs – PT SWARM

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

38
Requests

87 %
HTTPS

73 %
IPv6

12
Domains

13
Subdomains

12
IPs

4
Countries

2126 kB
Transfer

2615 kB
Size

29
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/ptswarm
Title: Follow @ptswarm

Search URL Search Domain Scan URL

URL: https://twitter.com/_mohemiv
Title: _mohemiv

Search URL Search Domain Scan URL

URL: https://github.com/richfelker/musl-cross-make
Title: musl-cross-make

Search URL Search Domain Scan URL

URL: https://airbus-seclab.github.io/xerox/INFILTRATE2020-RIGO-Xerox-final.pdf
Title: https://airbus-seclab.github.io/xerox/INFILTRATE2020-RIGO-Xerox-final.pdf

Search URL Search Domain Scan URL

URL: https://www.compass-security.com/fileadmin/Research/Advisories/2021-04_CSNC-2021-002_OS_command_injection_RCE_in_Xerox_WorkCentre.txt
Title: https://www.compass-security.com/fileadmin/Research/Advisories/2021-04_CSNC-2021-002_OS_command_injection_RCE_in_Xerox_WorkCentre.txt

Search URL Search Domain Scan URL

URL: https://zolder.io/decrypt-passwords-from-xerox-workcentre-config-backups/
Title: https://zolder.io/decrypt-passwords-from-xerox-workcentre-config-backups/

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-OConnor.pdf
Title: https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-OConnor.pdf

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A2%3Adp%3A0%3Als%3A1593053267459%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A855392912%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Ast%3A1720059148&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(65536)ti(1) HTTP 302
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A2%3Adp%3A0%3Als%3A1593053267459%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A855392912%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Ast%3A1720059148&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2865536%29ti%281%29&redirnss=1

Request Chain 20

https://mc.yandex.ru/watch/66262255?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22126%22%2C%22Not%3AA-Brand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22126%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A126.0.6478.126%0Achl%0A%22Not%2FA)Brand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22126.0.6478.126%22%2C%22Google%20Chrome%22%3Bv%3D%22126.0.6478.126%22%0Achm%0A%3F0%0Achp%0AWin32%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A1%3Adp%3A0%3Als%3A595902169063%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A247329704%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Arqnl%3A1%3Ast%3A1720059148%3At%3AInside%20Xerox%20WorkCentre%3A%20Two%20Unauthenticated%20RCEs%20%E2%80%93%20PT%20SWARM&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(21037568)ti(1) HTTP 302
https://mc.yandex.ru/watch/66262255/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22126%22%2C%22Not%3AA-Brand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22126%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A126.0.6478.126%0Achl%0A%22Not%2FA%29Brand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22126.0.6478.126%22%2C%22Google%20Chrome%22%3Bv%3D%22126.0.6478.126%22%0Achm%0A%3F0%0Achp%0AWin32%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A1%3Adp%3A0%3Als%3A595902169063%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A247329704%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Arqnl%3A1%3Ast%3A1720059148%3At%3AInside%20Xerox%20WorkCentre%3A%20Two%20Unauthenticated%20RCEs%20%E2%80%93%20PT%20SWARM&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2821037568%29ti%281%29&redirnss=1

Request Chain 26

https://mc.webvisor.org/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=10419.SSaQM15sgoIIfMGgMoCKzXp_0Wb3y41dGBwpRB4jAwgYg-YrphHRw-AYHIlrez0p.pMlVfPjTdgVOrRGLTeXcS2Yqvcc%2C HTTP 302
https://mc.webvisor.org/sync_cookie_image_decide?token=10419.4RJSBiTMml4VV1Inuc5yAhuzfM70mqVZ3esTFl5fUVTAsPEF_Rf9bHgOi626DqXhTTx3m-bhyWTP6sjpXUQ6HGUk8KHr5nEUE0_hnvnO973uz3yR08jBguwxnEeURr3Vw6_QGvdx3-Qnf6drh6iP7bQuRpTmkWP3CdiGeSxucZlYVjfwvtc7kl4THh7fY6z4OcAV3-bY7PAicK2zx3zR67hnpArPKksH7zlPsN7i0gE%2C.g5RXCz5Np1tfIxfYc22dlXyNHTk%2C

Request Chain 27

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10419.MSD8JfbIPsXfqmiivZhkKheZhBDkaXww9d4uSOpVuGg6mor4p1Yts13r-o_BboQQ.scj6or2ASKNFZ-4V-VwuDwrYDc4%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10419.2-PMHmmCGsTrUHzQ18MQqK3pft_hvbX4wOk-y15vCzWz7HnM-7c72euVynPdQGRKxFv4EjjSfm-t-ud8FzuckLusyD1Ew5UudmDcbxYguA_XWDBw8tPlIyWvvPIVXhQQIRJBAKqtwOCnYWKrygh_tdnlDzkrLfr__x2XFTb660k-F7z0tgH7kgsqNw8sTgbxb9pwvzBToQuQMQWFQ8W4QTgrAQZ_tKZBLFHBfkur2SM%2C.TujwbfvInTzKUI-NFxHGq6J-nWo%2C

38 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/ 35 KB
12 KB 356ms
100ms Document
text/html 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

bbb0d6c6710e55231df85ed671570f3fd2ce4e1fe6d53b65ae0c5abc038b86bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 04 Jul 2024 02:12:27 GMT
link: <https://swarm.ptsecurity.com/?p=5546>; rel=shortlink
server: nginx
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 style.min.css
swarm.ptsecurity.com/wp-includes/css/dist/block-library/ 111 KB
111 KB 74ms
74ms Stylesheet
text/css 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.5.5

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 27 May 2024 10:15:39 GMT
server: nginx
etag: "66545d4b-1bae5"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 113381
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
BLOB 200
OK 5a397f57-1108-47da-a086-f73fd3afbee0
https://swarm.ptsecurity.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://swarm.ptsecurity.com/5a397f57-1108-47da-a086-f73fd3afbee0
Requested by: Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 style.css
swarm.ptsecurity.com/wp-content/themes/swarm-2/ 100 KB
100 KB 171ms
171ms Stylesheet
text/css 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

482aa087c533b802dc4e339f32221f6fb8d582038e9e632331d9964c567494c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Fri, 01 Mar 2024 12:06:48 GMT
server: nginx
etag: "65e1c4d8-1906a"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 102506
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
swarm.ptsecurity.com/wp-includes/js/jquery/ 86 KB
86 KB 171ms
171ms Script
application/javascript 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 25 Dec 2023 11:41:33 GMT
server: nginx
etag: "65896a6d-15601"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 87553
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
swarm.ptsecurity.com/wp-includes/js/jquery/ 13 KB
14 KB 171ms
171ms Script
application/javascript 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 25 Dec 2023 11:41:33 GMT
server: nginx
etag: "65896a6d-3509"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 13577
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 209 KB
76 KB 201ms
63ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-171997764-1

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1400b2705331900795667d53d327c350dc18e339a04a808da6995b20cd9ad71a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77095
x-xss-protection: 0
last-modified: Thu, 04 Jul 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Jul 2024 02:12:27 GMT

GET
H2 200 f43178ab-xerox-preview-3.png
swarm.ptsecurity.com/wp-content/uploads/2024/06/ 299 KB
299 KB 171ms
171ms Image
image/png 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/uploads/2024/06/f43178ab-xerox-preview-3.png

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

315609eb744d7d7361c4576e8063bc63cef82585ad44ab25b2dd65d30e6b320a

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 03 Jun 2024 16:26:54 GMT
server: nginx
etag: "665deece-4aa0d"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 305677
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 foto_arseniy-150x150.jpg
swarm.ptsecurity.com/wp-content/uploads/2020/07/ 4 KB
4 KB 239ms
237ms Image
image/jpeg 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/uploads/2020/07/foto_arseniy-150x150.jpg

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

1986eea8c70fca3e226fd3ba66762f1a6e56963175e78bb1cc25db98fff981e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Thu, 23 Jul 2020 12:31:00 GMT
server: nginx
etag: "5f198304-e8a"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 3722
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 8da0f7b2-Screenshot-from-2024-06-03-19-33-36.png
swarm.ptsecurity.com/wp-content/uploads/2024/06/ 97 KB
97 KB 171ms
171ms Image
image/png 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/uploads/2024/06/8da0f7b2-Screenshot-from-2024-06-03-19-33-36.png

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

c55252431f1f2d5dd74eb91318963c34e1570b0769ba4ea969dfa9bb99e4baf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 03 Jun 2024 16:35:55 GMT
server: nginx
etag: "665df0eb-18291"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 98961
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 9dc7e123-WorkCentre_firmware.png
swarm.ptsecurity.com/wp-content/uploads/2024/06/ 40 KB
40 KB 171ms
171ms Image
image/png 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/uploads/2024/06/9dc7e123-WorkCentre_firmware.png

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

c883ab65a574df3139ff612466987141d975e68b3a40dbf0b7ce21a12e689210

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Wed, 26 Jun 2024 12:32:54 GMT
server: nginx
etag: "667c0a76-9e82"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 40578
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2b48fd27-templates.png
swarm.ptsecurity.com/wp-content/uploads/2024/06/ 45 KB
45 KB 74ms
71ms Image
image/png 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/uploads/2024/06/2b48fd27-templates.png

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

3c491d42e9259fe282de149d60c4f1759a539622f2a7858dd25b73500cb76de7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Fri, 28 Jun 2024 11:24:05 GMT
server: nginx
etag: "667e9d55-b3bf"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 46015
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bundle.js Show response
swarm.ptsecurity.com/wp-content/themes/swarm-2/js/ 990 KB
992 KB 78ms
76ms Script
application/javascript 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/wp-content/themes/swarm-2/js/bundle.js?ver=1.2.0

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

6a426b458cb0f29708ef76f88254b9b5cb28de999520e1342bd6410ed391cbdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 29 Aug 2022 12:54:56 GMT
server: nginx
etag: "630cb720-f79a5"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 1014181
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 140ms
48ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7496131a4690cdb91535798ada8dd5192f3c95b2fdee10917d69718e07a8d506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Thu, 04 Jul 2024 02:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 04 Jul 2024 01:09:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Jul 2024 02:12:27 GMT

GET
H2 200 tag.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ 215 KB
81 KB 197ms
56ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aa556ee36150dc881f08bfeb968a28e808209c6c9e11225ba6bb333a33cf82f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jul 2024 02:12:27 GMT
x-content-type-options: nosniff
content-encoding: br
age: 25529
x-jsd-version: 1.331.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 82564
x-served-by: cache-fra-eddf8230100-FRA, cache-mxp6951-MXP
x-jsd-version-type: version
etag: W/"35b04-45PE8TqmPaDb4lWKgPQLSB5uCV0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated
/ 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 twitter.svg
swarm.ptsecurity.com/wp-content/themes/swarm-2/img/ 1 KB
1 KB 231ms
230ms Image
image/svg+xml 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/themes/swarm-2/img/twitter.svg

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

510d47804f2b24f1117280edfd4b5f36a5ebe64fbacb989a9ff4b60fb91f91f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Tue, 16 Jun 2020 11:50:42 GMT
server: nginx
etag: "5ee8b212-43d"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
accept-ranges: bytes
content-length: 1085
x-xss-protection: 1; mode=block

GET
H2 200 tag.svg
swarm.ptsecurity.com/wp-content/themes/swarm-2/img/ 281 B
509 B 236ms
236ms Image
image/svg+xml 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/themes/swarm-2/img/tag.svg

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

59d8ccaeb23d40e8dfc8f23c0465636a4cdaa394b31c00572dcad36158a6a2d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:27 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Wed, 03 Jun 2020 15:17:25 GMT
server: nginx
etag: "5ed7bf05-119"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
accept-ranges: bytes
content-length: 281
x-xss-protection: 1; mode=block

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 180ms
82ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://swarm.ptsecurity.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 07:43:41 GMT
x-content-type-options: nosniff
age: 584926
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 07:43:41 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 144ms
47ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://swarm.ptsecurity.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 17:31:01 GMT
x-content-type-options: nosniff
age: 549686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 17:31:01 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/3/
Redirect Chain

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Avf%3Abyif4b2t06i...
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3Abyif4b2t06...

284 B
433 B

92ms
87ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A2%3Adp%3A0%3Als%3A1593053267459%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A855392912%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Ast%3A1720059148&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2865536%29ti%281%29&redirnss=1

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

1b5d23f8cd6911531563fd1a27ee1b1e7c4bdc48fa0e08088dde732af1869a86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://swarm.ptsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 04-Jul-2024 02:12:29 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 284
x-xss-protection: 1; mode=block
expires: Thu, 04-Jul-2024 02:12:29 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:28 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 04-Jul-2024 02:12:28 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/3/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A2%3Adp%3A0%3Als%3A1593053267459%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A855392912%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Ast%3A1720059148&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2865536%29ti%281%29&redirnss=1
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 04-Jul-2024 02:12:28 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/66262255/
Redirect Chain

https://mc.yandex.ru/watch/66262255?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22...
https://mc.yandex.ru/watch/66262255/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%...

490 B
654 B

88ms
84ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/66262255/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22126%22%2C%22Not%3AA-Brand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22126%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A126.0.6478.126%0Achl%0A%22Not%2FA%29Brand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22126.0.6478.126%22%2C%22Google%20Chrome%22%3Bv%3D%22126.0.6478.126%22%0Achm%0A%3F0%0Achp%0AWin32%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A1%3Adp%3A0%3Als%3A595902169063%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A247329704%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Arqnl%3A1%3Ast%3A1720059148%3At%3AInside%20Xerox%20WorkCentre%3A%20Two%20Unauthenticated%20RCEs%20%E2%80%93%20PT%20SWARM&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2821037568%29ti%281%29&redirnss=1

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

206fd6179c8a9cbfa45b8d275a96f67a428f8a2daa8af932ae686a3723757b62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://swarm.ptsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 04-Jul-2024 02:12:29 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 490
x-xss-protection: 1; mode=block
expires: Thu, 04-Jul-2024 02:12:29 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:28 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 04-Jul-2024 02:12:28 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/66262255/1?wmode=7&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22126%22%2C%22Not%3AA-Brand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22126%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A126.0.6478.126%0Achl%0A%22Not%2FA%29Brand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22126.0.6478.126%22%2C%22Google%20Chrome%22%3Bv%3D%22126.0.6478.126%22%0Achm%0A%3F0%0Achp%0AWin32%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ade-DE%3Av%3A1382%3Acn%3A1%3Adp%3A0%3Als%3A595902169063%3Ahid%3A189973163%3Az%3A120%3Ai%3A20240704041228%3Aet%3A1720059148%3Ac%3A1%3Arn%3A247329704%3Arqn%3A1%3Au%3A1720059148887176552%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Afp%3A916%3Awv%3A2%3Ads%3A0%2C244%2C100%2C55%2C1%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1720059146841%3Arqnl%3A1%3Ast%3A1720059148%3At%3AInside%20Xerox%20WorkCentre%3A%20Two%20Unauthenticated%20RCEs%20%E2%80%93%20PT%20SWARM&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2821037568%29ti%281%29&redirnss=1
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 04-Jul-2024 02:12:28 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
662 B 178ms
89ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:28 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 03 Jul 2024 07:33:50 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "6684fede-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 04 Jul 2024 03:12:28 GMT

GET
H2 200 wp-emoji-release.min.js Show response
swarm.ptsecurity.com/wp-includes/js/ 18 KB
19 KB 73ms
72ms Script
application/javascript 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.5

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:28 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 27 May 2024 10:15:40 GMT
server: nginx
etag: "66545d4c-4926"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 18726
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pre-controls.svg
swarm.ptsecurity.com/wp-content/themes/swarm-2/img/ 440 B
668 B 79ms
76ms Image
image/svg+xml 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://swarm.ptsecurity.com/wp-content/themes/swarm-2/img/pre-controls.svg

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

c24adeeb65775dbe72f7b05ea47f34d5d2eafdf90da11e370b8dd9257875c20f

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/wp-content/themes/swarm-2/style.css?ver=1.2.0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:29 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Mon, 08 Jun 2020 10:31:56 GMT
server: nginx
etag: "5ede139c-1b8"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
accept-ranges: bytes
content-length: 440
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 257 KB
90 KB 88ms
58ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-H7H949MN0Q&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-171997764-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e87e162fb126c1a250f1f50d224ba299f5ac5a17a731b99664ee6e07e5e5ab37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92421
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 04 Jul 2024 02:12:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 406ms
38ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-171997764-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 04 Jul 2024 00:29:07 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6202
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 04 Jul 2024 02:29:07 GMT

GET
H2

200

sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain

https://mc.webvisor.org/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=10419.SSaQM15sgoIIfMGgMoCKzXp_0Wb3y41dGBwpRB4jAwgYg-YrphHRw-AYHIlrez0p.pMlVfPjTdgVOrRGLTeXcS2Yqvcc%2C
https://mc.webvisor.org/sync_cookie_image_decide?token=10419.4RJSBiTMml4VV1Inuc5yAhuzfM70mqVZ3esTFl5fUVTAsPEF_Rf9bHgOi626DqXhTTx3m-bhyWTP6sjpXUQ6HGUk8KHr5nEUE0_hnvnO973uz3yR08jBguwxnEeURr3Vw6_QGvdx...

43 B
506 B

82ms
82ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.webvisor.org/sync_cookie_image_decide?token=10419.4RJSBiTMml4VV1Inuc5yAhuzfM70mqVZ3esTFl5fUVTAsPEF_Rf9bHgOi626DqXhTTx3m-bhyWTP6sjpXUQ6HGUk8KHr5nEUE0_hnvnO973uz3yR08jBguwxnEeURr3Vw6_QGvdx3-Qnf6drh6iP7bQuRpTmkWP3CdiGeSxucZlYVjfwvtc7kl4THh7fY6z4OcAV3-bY7PAicK2zx3zR67hnpArPKksH7zlPsN7i0gE%2C.g5RXCz5Np1tfIxfYc22dlXyNHTk%2C

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://swarm.ptsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 02:12:29 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.webvisor.org/sync_cookie_image_decide?token=10419.4RJSBiTMml4VV1Inuc5yAhuzfM70mqVZ3esTFl5fUVTAsPEF_Rf9bHgOi626DqXhTTx3m-bhyWTP6sjpXUQ6HGUk8KHr5nEUE0_hnvnO973uz3yR08jBguwxnEeURr3Vw6_QGvdx3-Qnf6drh6iP7bQuRpTmkWP3CdiGeSxucZlYVjfwvtc7kl4THh7fY6z4OcAV3-bY7PAicK2zx3zR67hnpArPKksH7zlPsN7i0gE%2C.g5RXCz5Np1tfIxfYc22dlXyNHTk%2C
date: Thu, 04 Jul 2024 02:12:29 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10419.MSD8JfbIPsXfqmiivZhkKheZhBDkaXww9d4uSOpVuGg6mor4p1Yts13r-o_BboQQ.scj6or2ASKNFZ-4V-VwuDwrYDc4%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10419.2-PMHmmCGsTrUHzQ18MQqK3pft_hvbX4wOk-y15vCzWz7HnM-7c72euVynPdQGRKxFv4EjjSfm-t-ud8FzuckLusyD1Ew5UudmDcbxYguA_XWDBw8tPlIyWvvPIVXhQQIRJBAKqtwO...

43 B
492 B

84ms
84ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10419.2-PMHmmCGsTrUHzQ18MQqK3pft_hvbX4wOk-y15vCzWz7HnM-7c72euVynPdQGRKxFv4EjjSfm-t-ud8FzuckLusyD1Ew5UudmDcbxYguA_XWDBw8tPlIyWvvPIVXhQQIRJBAKqtwOCnYWKrygh_tdnlDzkrLfr__x2XFTb660k-F7z0tgH7kgsqNw8sTgbxb9pwvzBToQuQMQWFQ8W4QTgrAQZ_tKZBLFHBfkur2SM%2C.TujwbfvInTzKUI-NFxHGq6J-nWo%2C

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://swarm.ptsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 02:12:29 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10419.2-PMHmmCGsTrUHzQ18MQqK3pft_hvbX4wOk-y15vCzWz7HnM-7c72euVynPdQGRKxFv4EjjSfm-t-ud8FzuckLusyD1Ew5UudmDcbxYguA_XWDBw8tPlIyWvvPIVXhQQIRJBAKqtwOCnYWKrygh_tdnlDzkrLfr__x2XFTb660k-F7z0tgH7kgsqNw8sTgbxb9pwvzBToQuQMQWFQ8W4QTgrAQZ_tKZBLFHBfkur2SM%2C.TujwbfvInTzKUI-NFxHGq6J-nWo%2C
date: Thu, 04 Jul 2024 02:12:29 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 157ms
47ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-H7H949MN0Q&gtm=45je4730v9111521044za200&_p=1720059147662&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=359188219.1720059150&ul=de-de&sr=1600x1200&_ng=1&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1720059149&sct=1&seg=0&dl=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&dt=Inside%20Xerox%20WorkCentre%3A%20Two%20Unauthenticated%20RCEs%20%E2%80%93%20PT%20SWARM&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2687&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H7H949MN0Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
257 B 179ms
50ms Ping
text/plain 2a00:1450:400c:c1d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-H7H949MN0Q&cid=359188219.1720059150&gtm=45je4730v9111521044za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H7H949MN0Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 127ms
52ms Image
image/gif 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-H7H949MN0Q&cid=359188219.1720059150&gtm=45je4730v9111521044za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1409132142

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 metrika_match.html
mc.yandex.ru/metrika/ Frame 6BF4 0
0 313ms
143ms Document
text/html 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/metrika_match.html

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://swarm.ptsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin: *
cache-control: max-age=3600
content-encoding: br
content-length: 1048
content-type: text/html
date: Thu, 04 Jul 2024 02:12:29 GMT
etag: "6684fede-418"
expires: Thu, 04 Jul 2024 03:12:29 GMT
last-modified: Wed, 03 Jul 2024 07:33:50 GMT
strict-transport-security: max-age=31536000
timing-allow-origin: *

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
210 B 52ms
50ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=992435900&t=pageview&_s=1&dl=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&ul=de-de&de=UTF-8&dt=Inside%20Xerox%20WorkCentre%3A%20Two%20Unauthenticated%20RCEs%20%E2%80%93%20PT%20SWARM&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1441243824&gjid=68841942&cid=359188219.1720059150&tid=UA-171997764-1&_gid=944047195.1720059150&_r=1&gtm=457e4730za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&jsscut=1&npa=1&z=1022966626

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 50ms
48ms XHR
text/plain 2a00:1450:400c:c1d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-171997764-1&cid=359188219.1720059150&jid=1441243824&gjid=68841942&_gid=944047195.1720059150&npa=1&_u=YADAAUAAAAAAACAAI~&z=382225038

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Jul 2024 02:12:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 151ms
68ms Image
image/gif 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-171997764-1&cid=359188219.1720059150&jid=1441243824&npa=1&_u=YADAAUAAAAAAACAAI~&z=322485508

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 50ms
49ms Image
image/gif 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-171997764-1&cid=359188219.1720059150&jid=1441243824&npa=1&_u=YADAAUAAAAAAACAAI~&z=322485508

Requested by

Host: swarm.ptsecurity.com
URL: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 favicon-1.png
swarm.ptsecurity.com/wp-content/uploads/2020/06/ 1 KB
1 KB 73ms
72ms Other
image/png 217.73.60.13
CROC_INC

General

Check archive.org

Show headers Download Go to

Full URL

https://swarm.ptsecurity.com/wp-content/uploads/2020/06/favicon-1.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.73.60.13 , Russian Federation, ASN51219 (CROC_INC, RU),

Reverse DNS

c2-217-73-60-13.elastic.cloud.croc.ru

Software

nginx /

Resource Hash

3f492ec442241496bc55c2fa825db19ccb2a8e95e8fbe3b264c0122d027515a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jul 2024 02:12:30 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
last-modified: Tue, 16 Jun 2020 11:47:50 GMT
server: nginx
etag: "5ee8b166-41c"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 1052
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 66262255
mc.yandex.ru/webvisor/ 43 B
0 84ms
83ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/66262255?wv-type=9&wmode=0&wv-hit=189973163&page-url=https%3A%2F%2Fswarm.ptsecurity.com%2Finside-xerox-workcentre-two-unauthenticated-rces%2F&browser-info=et%3A1720059152%3Aw%3A1600x1200%3Av%3A1382%3Az%3A120%3Ai%3A20240704041232%3Au%3A1720059148887176552%3Avf%3Abyif4b2t06iipg89gn11z5uwnz%3Ast%3A1720059152&t=gdpr(14)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://swarm.ptsecurity.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Jul 2024 02:12:32 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 04-Jul-2024 02:12:32 GMT
content-type: image/gif
access-control-allow-origin: https://swarm.ptsecurity.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 04-Jul-2024 02:12:32 GMT

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ptsecurity.com/	1970-01-21 06:33:15	Name: _ym_uid Value: 1720059148887176552
.ptsecurity.com/	1970-01-21 06:33:15	Name: _ym_d Value: 1720059148
.yandex.ru/	1970-01-21 06:33:15	Name: ymex Value: 1751595148.yrts.1720059148#1751595148.yrtsi.1720059148
.yandex.ru/	1970-01-21 06:33:15	Name: receive-cookie-deprecation Value: 1
mc.yandex.ru/	1970-01-21 06:33:15	Name: bh Value: EkAiR29vZ2xlIENocm9tZSI7dj0iMTI2IiwgIk5vdDpBLUJyYW5kIjt2PSI4IiwgIkNocm9taXVtIjt2PSIxMjYiKgI/MDoHIldpbjMyIg==
.yandex.ru/	1970-01-21 06:33:15	Name: yashr Value: 171263971720059148
mc.yandex.ru/	1969-12-31 23:59:59	Name: yabs-sid Value: 2519431961720059148
.yandex.ru/	1970-01-21 07:23:39	Name: i Value: 31Z07KJR53in1GbtBU9NNL6mlMAXE2gCkol6BcHz3F5SOJjNThoC0RQqFmadOpv+Ux1ZPCK+WM9O87I7BqJ/2CDFZTU=
.yandex.ru/	1970-01-21 07:23:39	Name: yandexuid Value: 427163521720059148
.yandex.ru/	1970-01-21 06:33:15	Name: yuidss Value: 427163521720059148
.yandex.ru/	1970-01-21 06:33:15	Name: bh Value: Ej4iR29vZ2xlIENocm9tZSI7dj0iMTI2IiwiTm90OkEtQnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTI2IhoFIng4NiIiECIxMjYuMC42NDc4LjEyNiIqAj8wOgciV2luMzIiQggiMTAuMC4wIkoEIjY0IlJbIk5vdC9BKUJyYW5kIjt2PSI4LjAuMC4wIiwiQ2hyb21pdW0iO3Y9IjEyNi4wLjY0NzguMTI2IiwiR29vZ2xlIENocm9tZSI7dj0iMTI2LjAuNjQ3OC4xMjYiIg==
.ptsecurity.com/	1970-01-20 21:48:51	Name: _ym_isad Value: 2
.ptsecurity.com/	1970-01-21 07:23:39	Name: _ga_H7H949MN0Q Value: GS1.1.1720059149.1.0.1720059149.60.0.0
.mc.yandex.com/	1970-01-20 21:47:39	Name: sync_cookie_csrf Value: 3600027358fake
mc.yandex.com/	1970-01-21 06:33:15	Name: bh Value: EkAiR29vZ2xlIENocm9tZSI7dj0iMTI2IiwgIk5vdDpBLUJyYW5kIjt2PSI4IiwgIkNocm9taXVtIjt2PSIxMjYiKgI/MDoHIldpbjMyIg==
.mc.webvisor.org/	1970-01-20 21:47:39	Name: sync_cookie_csrf Value: 2731291115fake
mc.webvisor.org/	1970-01-21 06:33:15	Name: bh Value: EkAiR29vZ2xlIENocm9tZSI7dj0iMTI2IiwgIk5vdDpBLUJyYW5kIjt2PSI4IiwgIkNocm9taXVtIjt2PSIxMjYiKgI/MDoHIldpbjMyIg==
.ptsecurity.com/	1970-01-21 07:23:39	Name: _ga Value: GA1.2.359188219.1720059150
.ptsecurity.com/	1970-01-20 21:49:05	Name: _gid Value: GA1.2.944047195.1720059150
.yandex.com/	1970-01-21 07:23:39	Name: yandexuid Value: 427163521720059148
.yandex.com/	1970-01-21 07:23:39	Name: yuidss Value: 427163521720059148
.yandex.com/	1970-01-21 07:23:39	Name: i Value: 31Z07KJR53in1GbtBU9NNL6mlMAXE2gCkol6BcHz3F5SOJjNThoC0RQqFmadOpv+Ux1ZPCK+WM9O87I7BqJ/2CDFZTU=
.mc.yandex.com/	1970-01-20 21:49:05	Name: sync_cookie_ok Value: synced
.ptsecurity.com/	1970-01-20 21:47:39	Name: _gat_gtag_UA_171997764_1 Value: 1
.mc.yandex.ru/	1970-01-20 21:47:39	Name: sync_cookie_csrf Value: 3600196905fake
.webvisor.org/	1970-01-21 07:23:39	Name: yandexuid Value: 427163521720059148
.webvisor.org/	1970-01-21 07:23:39	Name: yuidss Value: 427163521720059148
.webvisor.org/	1970-01-21 07:23:39	Name: i Value: 31Z07KJR53in1GbtBU9NNL6mlMAXE2gCkol6BcHz3F5SOJjNThoC0RQqFmadOpv+Ux1ZPCK+WM9O87I7BqJ/2CDFZTU=
.mc.webvisor.org/	1970-01-20 21:49:05	Name: sync_cookie_ok Value: synced

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
mc.webvisor.org
mc.yandex.com
mc.yandex.ru
region1.analytics.google.com
stats.g.doubleclick.net
swarm.ptsecurity.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
172.217.16.196
172.217.18.3
2001:4860:4802:34::36
217.73.60.13
2a00:1450:4001:828::200e
2a00:1450:4001:829::200a
2a00:1450:4001:82f::2008
2a00:1450:4001:831::2003
2a00:1450:400c:c1d::9b
2a02:6b8::1:119
2a04:4e42::485
1400b2705331900795667d53d327c350dc18e339a04a808da6995b20cd9ad71a
1986eea8c70fca3e226fd3ba66762f1a6e56963175e78bb1cc25db98fff981e4
1b5d23f8cd6911531563fd1a27ee1b1e7c4bdc48fa0e08088dde732af1869a86
206fd6179c8a9cbfa45b8d275a96f67a428f8a2daa8af932ae686a3723757b62
315609eb744d7d7361c4576e8063bc63cef82585ad44ab25b2dd65d30e6b320a
3c491d42e9259fe282de149d60c4f1759a539622f2a7858dd25b73500cb76de7
3f492ec442241496bc55c2fa825db19ccb2a8e95e8fbe3b264c0122d027515a9
482aa087c533b802dc4e339f32221f6fb8d582038e9e632331d9964c567494c0
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
510d47804f2b24f1117280edfd4b5f36a5ebe64fbacb989a9ff4b60fb91f91f3
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
59d8ccaeb23d40e8dfc8f23c0465636a4cdaa394b31c00572dcad36158a6a2d2
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
6a426b458cb0f29708ef76f88254b9b5cb28de999520e1342bd6410ed391cbdd
7496131a4690cdb91535798ada8dd5192f3c95b2fdee10917d69718e07a8d506
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
aa556ee36150dc881f08bfeb968a28e808209c6c9e11225ba6bb333a33cf82f9
bbb0d6c6710e55231df85ed671570f3fd2ce4e1fe6d53b65ae0c5abc038b86bb
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c24adeeb65775dbe72f7b05ea47f34d5d2eafdf90da11e370b8dd9257875c20f
c55252431f1f2d5dd74eb91318963c34e1570b0769ba4ea969dfa9bb99e4baf1
c883ab65a574df3139ff612466987141d975e68b3a40dbf0b7ce21a12e689210
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e87e162fb126c1a250f1f50d224ba299f5ac5a17a731b99664ee6e07e5e5ab37
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

swarm.ptsecurity.com Open in urlscan Pro 217.73.60.13 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

38 Requests

87 %HTTPS

73 %IPv6

12 Domains

13 Subdomains

12 IPs

4 Countries

2126 kBTransfer

2615 kBSize

29 Cookies

7 Outgoing links

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

swarm.ptsecurity.com Open in urlscan Pro
217.73.60.13 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

87 %
HTTPS

73 %
IPv6

12
Domains

13
Subdomains

12
IPs

4
Countries

2126 kB
Transfer

2615 kB
Size

29
Cookies

38 HTTP transactions
1 data transactions