claroty.com Open in urlscan Pro
2620:12a:8001::4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
Submission: On February 09 via api (February 9th 2021, 1:22:12 am UTC) from US

Summary HTTP 71 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 24 domains to perform 71 HTTP transactions. The main IP is 2620:12a:8001::4, located in United States and belongs to FASTLY, US. The main domain is claroty.com.
TLS certificate: Issued by R3 on December 26th 2020. Valid for: 3 months.

This is the only time claroty.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	2620:12a:8001::4 2620:12a:8001::4	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:d6cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	65.9.94.17 65.9.94.17	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:e6cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:71b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:710... 2a02:26f0:7100:481::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	13.224.94.37 13.224.94.37	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.94.6 65.9.94.6	16509 (AMAZON-02) (AMAZON-02)
1 2	2620:119:50e6... 2620:119:50e6:101::6cae:b05	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.49.237.17 52.49.237.17	16509 (AMAZON-02) (AMAZON-02)
2	35.174.151.106 35.174.151.106	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:bb72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
71	32

33 2620:12a:8001::4 (United States)

ASN54113 (FASTLY, US)

claroty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.claroty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d6cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.94.17 (Seattle, United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e6cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:71b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:481::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.37 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-37.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.94.6 (Seattle, United States)

ASN16509 (AMAZON-02, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e6:101::6cae:b05 (United States) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.237.17 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-237-17.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.174.151.106 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-4-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:bb72 (United States)

ASN13335 (CLOUDFLARENET, US)

f.hubspotusercontent20.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	claroty.com claroty.com www.claroty.com	547 KB
5	hubspot.com forms.hubspot.com track.hubspot.com	4 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	61 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	hubspotusercontent20.net f.hubspotusercontent20.net	585 KB
2	google.com www.google.com	1 KB
2	pardot.com pi.pardot.com	4 KB
2	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
2	bing.com bat.bing.com	9 KB
2	googletagmanager.com www.googletagmanager.com	83 KB
1	google.de www.google.de	108 B
1	googleadservices.com www.googleadservices.com	13 KB
1	gstatic.com www.gstatic.com	332 KB
1	hubapi.com api.hubapi.com	982 B
1	hsforms.com forms.hsforms.com	588 B
1	licdn.com snap.licdn.com	2 KB
1	hs-banner.com js.hs-banner.com	14 KB
1	hs-analytics.net js.hs-analytics.net	19 KB
1	hsadspixel.net js.hsadspixel.net	3 KB
1	hscollectedforms.net js.hscollectedforms.net	24 KB
1	hsleadflows.net js.hsleadflows.net	77 KB
1	googleapis.com fonts.googleapis.com	825 B
1	hs-scripts.com js.hs-scripts.com	948 B
71	24

	Domain	Requested by
32	claroty.com	claroty.com
3	track.hubspot.com
3	www.google-analytics.com	claroty.com www.google-analytics.com
2	f.hubspotusercontent20.net
2	www.google.com	js.hsleadflows.net
2	pi.pardot.com	claroty.com pi.pardot.com
2	px.ads.linkedin.com	1 redirects claroty.com
2	forms.hubspot.com	js.hscollectedforms.net js.hsleadflows.net
2	bat.bing.com	www.googletagmanager.com claroty.com
2	www.googletagmanager.com	claroty.com js.hsadspixel.net
1	www.google.de
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	api.hubapi.com	js.hsadspixel.net
1	in.hotjar.com	script.hotjar.com
1	forms.hsforms.com	claroty.com
1	www.linkedin.com	1 redirects
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	snap.licdn.com	www.googletagmanager.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	static.hotjar.com	claroty.com
1	fonts.googleapis.com	claroty.com
1	js.hs-scripts.com	claroty.com
1	www.claroty.com	claroty.com
71	31

This site contains links to these domains. Also see Links.

Domain
portal.claroty.com
us-cert.cisa.gov
www.claroty.com
www.linkedin.com
twitter.com
www.facebook.com
info.claroty.com

Subject Issuer	Validity	Valid
claroty.com R3	`2020-12-26` - `2021-03-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-01-19` - `2021-07-19`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
Frame ID: 5EE253DF96F8BA30747DD5A254A5725D
Requests: 70 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: C2C6F231DF1B1B2025E396B1C69EFD74
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

71
Requests

100 %
HTTPS

82 %
IPv6

24
Domains

31
Subdomains

32
IPs

5
Countries

1801 kB
Transfer

3585 kB
Size

13
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://portal.claroty.com/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://us-cert.cisa.gov/ncas/alerts/aa20-296a
Title: A joint FBI-CISA cybersecurity advisory

Search URL Search Domain Scan URL

URL: https://www.claroty.com/2020/09/17/blog-research-patched-netlogon-flaw/
Title: often installed locally

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/claroty?report%2Esuccess=KJ_KkFGTDCfMt-A7wV3Fn9Yvgwr02Kd6AZHGx4bQCDiP6-2rfP2oxyVoEQiPrcAQ7Bf

Search URL Search Domain Scan URL

URL: https://twitter.com/Claroty

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ClarotyOT/

Search URL Search Domain Scan URL

URL: https://info.claroty.com/subscribetoclarotyblog
Title: Subscribe Now

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1162802&time=1612833707107&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1162802%26time%3D1612833707107%26url%3Dhttps%253A%252F%252Fclaroty.com%252F2020%252F10%252F27%252Fblog-research-energetic-bear-zerologon%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1162802&time=1612833707107&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&liSync=true

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/ 50 KB
13 KB 971ms
942ms Document
text/html 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c1b584c25c9df2635eed911efee24180fe5a3da8630fcea6b482b28ec5643284

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: claroty.com
:scheme: https
:path: /2020/10/27/blog-research-energetic-bear-zerologon/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cache-control: public, max-age=600
content-encoding: gzip
content-type: text/html; charset=UTF-8
link: <https://claroty.com/wp-json/>; rel="https://api.w.org/" <https://claroty.com/wp-json/wp/v2/posts/6820>; rel="alternate"; type="application/json" <https://claroty.com/?p=6820>; rel=shortlink
server: nginx
strict-transport-security: max-age=31622400; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe4-b-649d688684-mhstp
x-pingback: https://claroty.com/xmlrpc.php
x-styx-req-id: 2c8d6c5c-6a75-11eb-a0e8-0a5f99c5632f
x-xss-protection: 1; mode=block
date: Tue, 09 Feb 2021 01:21:46 GMT
x-served-by: cache-mdw17360-MDW, cache-fra19148-FRA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1612833706.550262,VS0,VE919
vary: Accept-Encoding, Cookie, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
content-length: 12911

GET
H2 200 style.min.css
claroty.com/wp-includes/css/dist/block-library/ 50 KB
10 KB 16ms
12ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-includes/css/dist/block-library/style.min.css?ver=5.6

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"601c36db-c8e9"
age: 371804
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-zp9w4
x-cache: HIT, HIT
content-length: 9895
x-served-by: cache-mdw17334-MDW, cache-fra19148-FRA
last-modified: Thu, 04 Feb 2021 18:03:07 GMT
server: nginx
x-timer: S1612833707.501678,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 18:05:01 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 8052c69c-6713-11eb-bfe6-168ddfe967a0
x-cache-hits: 1, 2

GET
H2 200 admin-bar-style.css
claroty.com/wp-content/plugins/wpml-translation-management/res/css/ 112 B
385 B 17ms
14ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/plugins/wpml-translation-management/res/css/admin-bar-style.css?ver=2.9.9

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2961bb57dcfff925f2e03ad6ad741a457b5f5482bd5b5c221cc20d5d1bfb4268

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"6019ed8a-70"
age: 400177
x-pantheon-styx-hostname: styx-fe4-b-649d688684-9sq97
x-cache: HIT, HIT
content-length: 113
x-served-by: cache-mdw17365-MDW, cache-fra19148-FRA
last-modified: Wed, 03 Feb 2021 00:25:46 GMT
server: nginx
x-timer: S1612833707.501802,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 10:12:09 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 71488fc8-66d1-11eb-af73-fe26c31712af
x-cache-hits: 1, 2

GET
H2 200 style.css
claroty.com/wp-content/themes/claroty/ 5 KB
2 KB 16ms
13ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/style.css?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

20d5e450f4dfded00ed094130beb5a6e103f78adaa76a8c42835f56cd1f5951b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60086461-1346"
age: 1614738
x-pantheon-styx-hostname: styx-fe4-b-6847444cd7-tn2rx
x-cache: HIT, HIT
content-length: 1588
x-served-by: cache-mdw17337-MDW, cache-fra19148-FRA
last-modified: Wed, 20 Jan 2021 17:12:01 GMT
server: nginx
x-timer: S1612833707.501793,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Jan 2022 08:49:27 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 91cad878-5bc5-11eb-8c51-7e364367a3e6
x-cache-hits: 1, 2

GET
H2 200 ihotspot.min.css
claroty.com/wp-content/themes/claroty/html/app/assets/css/ 9 KB
2 KB 16ms
14ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/css/ihotspot.min.css?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e11b838d8d16bacd663557317c3c6db277fe4c84002dbdee6d54096854986ddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"5ff56ec8-2299"
age: 2723695
x-pantheon-styx-hostname: styx-fe4-a-7766cc6998-nsk9h
x-cache: HIT, HIT
content-length: 1904
x-served-by: cache-mdw17359-MDW, cache-fra19148-FRA
last-modified: Wed, 06 Jan 2021 08:03:20 GMT
server: nginx
x-timer: S1612833707.501780,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sun, 09 Jan 2022 12:46:51 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 948a8236-51af-11eb-bf4d-9aa52e6b0cfa
x-cache-hits: 1, 2

GET
H2 200 nbm-styles.css
claroty.com/wp-content/themes/claroty/styles/ 1 KB
914 B 137ms
134ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/styles/nbm-styles.css?ver=1612833705

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c85d7f9f0746c2b8467922bbb27329d1f4770f9c19afe20af28412c669aad0dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60205e87-5f5"
age: 0
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-wzlfh
x-cache: MISS, MISS
content-length: 643
x-served-by: cache-mdw17349-MDW, cache-fra19148-FRA
last-modified: Sun, 07 Feb 2021 21:41:27 GMT
server: nginx
x-timer: S1612833707.501854,VS0,VE122
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Thu, 10 Feb 2022 01:21:46 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2d1e588c-6a75-11eb-ad43-d2fb8bff6f1f
x-cache-hits: 0, 0

GET
H2 200 external-all.css
claroty.com/wp-content/themes/claroty/html/app/assets/css/ 77 KB
10 KB 30ms
28ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/css/external-all.css?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

31c2b577a69397092bb0487db0373ad47a6807351d939215c25b591f02be7cbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60113be2-133f8"
age: 1080566
x-pantheon-styx-hostname: styx-fe4-b-649d688684-g9bm2
x-cache: HIT, HIT
content-length: 9831
x-served-by: cache-mdw17370-MDW, cache-fra19148-FRA
last-modified: Wed, 27 Jan 2021 10:09:38 GMT
server: nginx
x-timer: S1612833707.502017,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Fri, 28 Jan 2022 13:12:20 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 49c8a2eb-60a1-11eb-bf59-129971926bc2
x-cache-hits: 1, 2

GET
H2 200 style.min.css
claroty.com/wp-content/themes/claroty/html/app/assets/css/ 311 KB
58 KB 17ms
15ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

45243d2099be0b40b45fb54d2eff19d9909f44b7a919ad0c93a4cd858792aa34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60101e8f-4db61"
age: 1058567
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-rxrvr
x-cache: HIT, HIT
content-length: 59106
x-served-by: cache-mdw17353-MDW, cache-fra19148-FRA
last-modified: Tue, 26 Jan 2021 13:52:15 GMT
server: nginx
x-timer: S1612833707.502088,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Fri, 28 Jan 2022 19:18:59 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 81f8333b-60d4-11eb-9013-6e089491ccf9
x-cache-hits: 1, 2

GET
H2 200 frontend.min.js Show response
claroty.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 9 KB
3 KB 30ms
27ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=7.12.2

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60205e86-2452"
age: 95110
x-pantheon-styx-hostname: styx-fe4-b-649d688684-9sq97
x-cache: MISS, HIT
content-length: 2981
x-served-by: cache-mdw17378-MDW, cache-fra19148-FRA
last-modified: Sun, 07 Feb 2021 21:41:26 GMT
server: nginx
x-timer: S1612833707.502076,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Tue, 08 Feb 2022 22:56:36 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: bad8a845-6997-11eb-af73-fe26c31712af
x-cache-hits: 0, 2

GET
H2 200 jquery.min.js Show response
claroty.com/wp-includes/js/jquery/ 87 KB
36 KB 29ms
27ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"601c36dc-15d98"
age: 371805
x-pantheon-styx-hostname: styx-fe4-b-649d688684-kdnb8
x-cache: HIT, HIT
content-length: 36073
x-served-by: cache-mdw17345-MDW, cache-fra19148-FRA
last-modified: Thu, 04 Feb 2021 18:03:08 GMT
server: nginx
x-timer: S1612833707.502227,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 18:05:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 80540c9c-6713-11eb-9ffb-4a9996720048
x-cache-hits: 2, 2

GET
H2 200 jquery-migrate.min.js Show response
claroty.com/wp-includes/js/jquery/ 11 KB
5 KB 29ms
27ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"601c36dc-2bd8"
age: 371804
x-pantheon-styx-hostname: styx-fe4-b-649d688684-9sq97
x-cache: HIT, HIT
content-length: 4565
x-served-by: cache-mdw17325-MDW, cache-fra19148-FRA
last-modified: Thu, 04 Feb 2021 18:03:08 GMT
server: nginx
x-timer: S1612833707.502189,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 18:05:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 80548971-6713-11eb-af73-fe26c31712af
x-cache-hits: 1, 2

GET
H2 200 gtm4wp-form-move-tracker.js Show response
claroty.com/wp-content/plugins/duracelltomi-google-tag-manager/js/ 1 KB
607 B 28ms
27ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.11.5

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"600055a7-5cf"
age: 2130904
x-pantheon-styx-hostname: styx-fe4-b-7985f65b8b-v9djv
x-cache: HIT, HIT
content-length: 350
x-served-by: cache-mdw17366-MDW, cache-fra19148-FRA
last-modified: Thu, 14 Jan 2021 14:31:03 GMT
server: nginx
x-timer: S1612833707.502160,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 16 Jan 2022 09:26:42 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: c71e376c-5713-11eb-9c3c-6e3b036e599f
x-cache-hits: 1, 2

GET
H2 200 logo.svg
claroty.com/wp-content/themes/claroty/assets/img/ 93 KB
52 KB 20ms
17ms Image
image/svg+xml 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://claroty.com/wp-content/themes/claroty/assets/img/logo.svg

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9ce2baf06d2a3308b38151a6f66c4456aef0ebebc4587aa651d93977fd5b792f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"5ffe5619-172bb"
age: 2313761
x-pantheon-styx-hostname: styx-fe4-a-7766cc6998-c5gnw
x-cache: HIT, HIT
content-length: 53103
x-served-by: cache-mdw17321-MDW, cache-fra19148-FRA
access-control-allow-origin: *
last-modified: Wed, 13 Jan 2021 02:08:25 GMT
server: nginx
x-timer: S1612833707.652286,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Fri, 14 Jan 2022 06:39:05 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 0811d973-556a-11eb-8dd2-4ae4701bc2e6
x-cache-hits: 1, 2

GET
H2 200 banner-2.png
claroty.com/wp-content/themes/claroty/assets/img/ 105 KB
106 KB 20ms
16ms Image
image/png 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://claroty.com/wp-content/themes/claroty/assets/img/banner-2.png

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

151609e6f656da6321b0e6324a66673cd4d36a946e1cc85f180202e36250dbb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
etag: "60068243-1a4d3"
age: 1780460
x-cache: HIT, HIT
x-cache-hits: 1, 2
content-length: 107731
x-served-by: cache-mdw17323-MDW, cache-fra19148-FRA
last-modified: Tue, 19 Jan 2021 06:54:59 GMT
server: nginx
x-timer: S1612833707.652271,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
content-type: image/png
x-styx-req-id: b87b5020-5a43-11eb-9beb-a211a18be3d0
expires: Thu, 20 Jan 2022 10:47:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe4-a-7766cc6998-r7w59

GET
H2 200 bottom-icon.png
claroty.com/wp-content/themes/claroty/assets/img/ 14 KB
15 KB 29ms
26ms Image
image/png 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://claroty.com/wp-content/themes/claroty/assets/img/bottom-icon.png

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d70b17a683bfc1ca0d4492d5b18c9227b2a72a4f2ec51cf1639e44f199af2209

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
etag: "60127db8-3948"
age: 950010
x-cache: HIT, HIT
x-cache-hits: 1, 2
content-length: 14664
x-served-by: cache-mdw17330-MDW, cache-fra19148-FRA
last-modified: Thu, 28 Jan 2021 09:02:48 GMT
server: nginx
x-timer: S1612833707.652818,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
content-type: image/png
x-styx-req-id: 42ffa645-61d1-11eb-9013-6e089491ccf9
expires: Sun, 30 Jan 2022 01:28:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-rxrvr

GET
H2 200 logo-white.png
claroty.com/wp-content/themes/claroty/assets/img/ 3 KB
4 KB 29ms
26ms Image
image/png 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://claroty.com/wp-content/themes/claroty/assets/img/logo-white.png

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

37e1ed5202ca312ed798f5ebb23baa3e9465be54642ea05beed44c6eea75ba50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
etag: "60086461-d60"
age: 1614384
x-cache: HIT, HIT
x-cache-hits: 1, 2
content-length: 3424
x-served-by: cache-mdw17370-MDW, cache-fra19148-FRA
last-modified: Wed, 20 Jan 2021 17:12:01 GMT
server: nginx
x-timer: S1612833707.652814,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
content-type: image/png
x-styx-req-id: 64e9a6d5-5bc6-11eb-9808-8a6b3b271da3
expires: Sat, 22 Jan 2022 08:55:21 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe4-a-7475c57cb7-tj4h2

GET
H2 200 style.css
www.claroty.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/ 851 B
579 B 13ms
12ms Stylesheet
text/css 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.claroty.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.css?ver=1

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e8b5c0f1aab454e3dd3d47bdb0d6be1a54c0c350dff5feaa3a595937e2006df1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"601c36d7-353"
age: 371898
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-rxrvr
x-cache: HIT, HIT
content-length: 325
x-served-by: cache-mdw17327-MDW, cache-fra19148-FRA
last-modified: Thu, 04 Feb 2021 18:03:03 GMT
server: nginx
x-timer: S1612833707.549629,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 18:03:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 4892c960-6713-11eb-9013-6e089491ccf9
x-cache-hits: 1, 2

GET
H2 200 jquery.ihotspot.min.js Show response
claroty.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 11 KB
5 KB 13ms
12ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.ihotspot.min.js?ver=1.2.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6497629a2b922641b6de75117c617b30d9972f3b299e167abba9657d38c2429f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"6019ed89-2cb4"
age: 425528
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-wzlfh
x-cache: HIT, HIT
content-length: 4504
x-served-by: cache-mdw17343-MDW, cache-fra19148-FRA
last-modified: Wed, 03 Feb 2021 00:25:45 GMT
server: nginx
x-timer: S1612833707.563195,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 03:09:38 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 6a7f4e93-6696-11eb-ad43-d2fb8bff6f1f
x-cache-hits: 1, 2

GET
H2 200 2553528.js Show response
js.hs-scripts.com/ 2 KB
948 B 37ms
14ms Script
application/javascript 2606:4700::6811:d6cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/2553528.js?integration=WordPress
Requested by: Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cecb98bc3f435658af35055c84584ca627caedff10530e78becde7883e344555

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:46 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2
cf-polished: origSize=2307
cf-request-id: 0825fa6aab00002c2297963000000001
cf-bgj: minify
server: cloudflare
x-trace: 2BF092A9AC7F9C9EED038C65F511388FC02FF0F05B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://claroty.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 61e9c68aaef52c22-FRA
expires: Tue, 09 Feb 2021 01:22:46 GMT

GET
H2 200 modernizr.js Show response
claroty.com/wp-content/themes/claroty/html/app/assets/components/ 49 KB
18 KB 14ms
14ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/components/modernizr.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a94568956a6d1725f702ab3d5e8e8c88622db86d022298ae5df6a34145317665

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60101e8f-c3e0"
age: 1051473
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-wzlfh
x-cache: HIT, HIT
content-length: 18334
x-served-by: cache-mdw17369-MDW, cache-fra19148-FRA
last-modified: Tue, 26 Jan 2021 13:52:15 GMT
server: nginx
x-timer: S1612833707.578545,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Fri, 28 Jan 2022 21:17:14 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 06ee80f3-60e5-11eb-ad43-d2fb8bff6f1f
x-cache-hits: 1, 2

GET
H2 200 bootstrap.min.js Show response
claroty.com/wp-content/themes/claroty/html/app/assets/components/ 59 KB
19 KB 13ms
12ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/components/bootstrap.min.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60113be2-ea6a"
age: 1059171
x-pantheon-styx-hostname: styx-fe4-b-649d688684-9sq97
x-cache: HIT, HIT
content-length: 19595
x-served-by: cache-mdw17351-MDW, cache-fra19148-FRA
last-modified: Wed, 27 Jan 2021 10:09:38 GMT
server: nginx
x-timer: S1612833707.593901,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Fri, 28 Jan 2022 19:08:54 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 19916bba-60d3-11eb-a5e3-fe26c31712af
x-cache-hits: 1, 2

GET
H2 200 wow.min.js Show response
claroty.com/wp-content/themes/claroty/html/app/assets/js/ 8 KB
3 KB 13ms
13ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/js/wow.min.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7852a22b72ead62cfc4a1b1ca32874b3e222f232a991a6d1432313572f534135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"600721e5-1fdb"
age: 1684082
x-pantheon-styx-hostname: styx-fe4-b-6847444cd7-stvzk
x-cache: HIT, HIT
content-length: 3099
x-served-by: cache-mdw17324-MDW, cache-fra19148-FRA
last-modified: Tue, 19 Jan 2021 18:16:05 GMT
server: nginx
x-timer: S1612833707.610034,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Fri, 21 Jan 2022 13:33:44 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1e0bbb6e-5b24-11eb-adb1-4ac9e8fd6c91
x-cache-hits: 1, 2

GET
H2 200 slick.min.js Show response
claroty.com/wp-content/themes/claroty/html/app/assets/js/ 42 KB
13 KB 13ms
12ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/js/slick.min.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60086461-a76f"
age: 1550161
x-pantheon-styx-hostname: styx-fe4-a-7475c57cb7-m8zsm
x-cache: MISS, HIT
content-length: 12980
x-served-by: cache-mdw17363-MDW, cache-fra19148-FRA
last-modified: Wed, 20 Jan 2021 17:12:01 GMT
server: nginx
x-timer: S1612833707.624070,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 23 Jan 2022 02:45:45 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: ed5bf1ae-5c5b-11eb-8247-a2516a6643ac
x-cache-hits: 0, 2

GET
H2 200 jquery-equal-height-old.js Show response
claroty.com/wp-content/themes/claroty/html/app/assets/js/ 830 B
603 B 13ms
13ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/js/jquery-equal-height-old.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

78bbc4669e3a67777227daf0ae375492ca2111717a0ddaab40d933b2612f3e68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"5ff56ec8-33e"
age: 2726395
x-pantheon-styx-hostname: styx-fe4-a-7766cc6998-nsk9h
x-cache: HIT, HIT
content-length: 313
x-served-by: cache-mdw17327-MDW, cache-fra19148-FRA
last-modified: Wed, 06 Jan 2021 08:03:20 GMT
server: nginx
x-timer: S1612833707.637753,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sun, 09 Jan 2022 12:01:51 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 4b2cab15-51a9-11eb-bf4d-9aa52e6b0cfa
x-cache-hits: 1, 2

GET
H2 200 hero-animation-data.js Show response
claroty.com/wp-content/themes/claroty/assets/js/ 245 KB
75 KB 16ms
12ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/assets/js/hero-animation-data.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

67a3b833bb6acc2b54e00118653dfe9a87b1caa15d7b9bd93646bf81c6a2c5ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60120bbc-3d54f"
age: 1003934
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-wzlfh
x-cache: HIT, HIT
content-length: 77032
x-served-by: cache-mdw17381-MDW, cache-fra19148-FRA
last-modified: Thu, 28 Jan 2021 00:56:28 GMT
server: nginx
x-timer: S1612833707.651767,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 29 Jan 2022 10:29:33 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: b62b09fe-6153-11eb-ad43-d2fb8bff6f1f
x-cache-hits: 1, 2

GET
H2 200 hero-animation.js Show response
claroty.com/wp-content/themes/claroty/assets/js/ 6 KB
3 KB 17ms
13ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/assets/js/hero-animation.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4e860511ded09a4c2ed1276e37f3a5559be8292d90b7dba4baa699b1d3574e1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"600ebf77-192e"
age: 1195321
x-pantheon-styx-hostname: styx-fe4-b-649d688684-g9bm2
x-cache: HIT, HIT
content-length: 2591
x-served-by: cache-mdw17351-MDW, cache-fra19148-FRA
last-modified: Mon, 25 Jan 2021 12:54:15 GMT
server: nginx
x-timer: S1612833707.651761,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Thu, 27 Jan 2022 05:19:45 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1a789c97-5f96-11eb-bf59-129971926bc2
x-cache-hits: 1, 2

GET
H2 200 select2.js Show response
claroty.com/wp-content/themes/claroty/html/app/assets/js/ 100 KB
29 KB 20ms
16ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/js/select2.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1ff7a6c1fb33b0b139e30bfcf89349cc893f2fb4d49efd091363c1032c193b84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60086694-19062"
age: 1643997
x-pantheon-styx-hostname: styx-fe4-a-7475c57cb7-b29cf
x-cache: HIT, HIT
content-length: 29261
x-served-by: cache-mdw17372-MDW, cache-fra19148-FRA
last-modified: Wed, 20 Jan 2021 17:21:24 GMT
server: nginx
x-timer: S1612833707.651876,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 22 Jan 2022 00:41:48 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 720e8471-5b81-11eb-a184-3ab86763057f
x-cache-hits: 1, 2

GET
H2 200 scripts.min.js Show response
claroty.com/wp-content/themes/claroty/html/app/assets/js/ 14 KB
3 KB 16ms
13ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/js/scripts.min.js?ver=1.0.0

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

43464a2a2fc96754ed53932064a66f6a0b9b8806891c7cc2f002aa2466c56046

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"601ae298-3892"
age: 419574
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-wzlfh
x-cache: HIT, HIT
content-length: 2666
x-served-by: cache-mdw17345-MDW, cache-fra19148-FRA
last-modified: Wed, 03 Feb 2021 17:51:20 GMT
server: nginx
x-timer: S1612833707.651855,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 04:48:53 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 4802b993-66a4-11eb-ad43-d2fb8bff6f1f
x-cache-hits: 1, 2

GET
H2 200 new-tab.js Show response
claroty.com/wp-content/plugins/page-links-to/dist/ 24 KB
10 KB 19ms
16ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.4

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"600055a7-609e"
age: 2177608
x-pantheon-styx-hostname: styx-fe4-b-7985f65b8b-867dz
x-cache: HIT, HIT
content-length: 10020
x-served-by: cache-mdw17345-MDW, cache-fra19148-FRA
last-modified: Thu, 14 Jan 2021 14:31:03 GMT
server: nginx
x-timer: S1612833707.652138,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 15 Jan 2022 20:28:19 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 09e313ae-56a7-11eb-bcbf-16cb3085dc39
x-cache-hits: 1, 2

GET
H2 200 wp-embed.min.js Show response
claroty.com/wp-includes/js/ 1 KB
1 KB 21ms
17ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-includes/js/wp-embed.min.js?ver=5.6

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"601c36d8-59a"
age: 371804
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-8zj97
x-cache: HIT, HIT
content-length: 784
x-served-by: cache-mdw17362-MDW, cache-fra19148-FRA
last-modified: Thu, 04 Feb 2021 18:03:04 GMT
server: nginx
x-timer: S1612833707.652313,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 18:05:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 80667a06-6713-11eb-af88-fabb18204ca8
x-cache-hits: 1, 2

GET
H2 200 asyncdc.min.js Show response
claroty.com/wp-content/plugins/pardot/js/ 457 B
507 B 21ms
17ms Script
application/x-javascript 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/plugins/pardot/js/asyncdc.min.js?ver=5.6

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

91d744bf23ae2d21a6565a51934c39e0f8fa6121b958f2998a1979ee7ba2fa9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"601c36d6-1c9"
age: 371805
x-pantheon-styx-hostname: styx-fe4-a-695744c5c6-wzlfh
x-cache: HIT, HIT
content-length: 230
x-served-by: cache-mdw17374-MDW, cache-fra19148-FRA
last-modified: Thu, 04 Feb 2021 18:03:02 GMT
server: nginx
x-timer: S1612833707.652304,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Sat, 05 Feb 2022 18:05:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 8066411b-6713-11eb-ad43-d2fb8bff6f1f
x-cache-hits: 2, 2

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 6999
date: Mon, 08 Feb 2021 23:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 09 Feb 2021 01:25:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
825 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans|Noto+Serif&display=swap

Requested by

Host: claroty.com
URL: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

090fd1da03ea5167e336c404183e666c6c946a60e5e92a01efaaef1b165f16ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 09 Feb 2021 01:21:18 GMT
server: ESF
date: Tue, 09 Feb 2021 01:21:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Feb 2021 01:21:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 126 KB
45 KB 25ms
22ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MC333T7

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7cd7c7ca785eac6fa6c49eed13abe33081053ac7e9a2b63ec4ac07fc84f16e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45661
x-xss-protection: 0
last-modified: Tue, 09 Feb 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Feb 2021 01:21:46 GMT

GET
H2 200 hotjar-1953887.js Show response
static.hotjar.com/c/ 4 KB
2 KB 141ms
47ms Script
application/javascript 65.9.94.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1953887.js?sv=6

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.94.17 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

00ea0fff528472cc4f73b608d31b4836a6fb9eece21f93d9ee8fec83a2eb0fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 28
etag: W/bab2d5a73d765fc6f9c2a579beff5b12
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: PRG50-C1
content-length: 1765
via: 1.1 4b7022ec3e11edfdd972039992f837df.cloudfront.net (CloudFront)
x-amz-cf-id: abyGvV3V9mKZDXauHSPGayr6WIwm62XxS2qIo8ETbZyXKLjrswz06Q==

GET
H2 200 Europa-Regular.woff
claroty.com/wp-content/themes/claroty/html/app/assets/fonts/ 26 KB
26 KB 22ms
21ms Font
font/woff 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/fonts/Europa-Regular.woff

Requested by

Host: claroty.com
URL: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

39568f432947b2faa23f46c55da3a6e093099d518e7bd5d332d27eb8f41acab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Origin: https://claroty.com
Referer: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
etag: "60068243-67d8"
age: 1762872
x-pantheon-styx-hostname: styx-fe4-a-7766cc6998-c5gnw
x-cache: HIT, HIT
content-length: 26584
x-served-by: cache-mdw17369-MDW, cache-fra19148-FRA
last-modified: Tue, 19 Jan 2021 06:54:59 GMT
server: nginx
x-timer: S1612833707.657928,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
content-type: font/woff
access-control-allow-origin: *
expires: Thu, 20 Jan 2022 15:40:34 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: ab4ef442-5a6c-11eb-8dd2-4ae4701bc2e6
x-cache-hits: 1, 2

GET
H2 200 Europa-Bold.woff
claroty.com/wp-content/themes/claroty/html/app/assets/fonts/ 18 KB
18 KB 22ms
21ms Font
font/woff 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/fonts/Europa-Bold.woff

Requested by

Host: claroty.com
URL: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

13676a737e8094dcd64595ce866d1312b3bb8ae5a00e70f5677b44e02cc30975

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Origin: https://claroty.com
Referer: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
etag: "60003665-47c8"
age: 2200752
x-pantheon-styx-hostname: styx-fe4-b-7985f65b8b-867dz
x-cache: HIT, HIT
content-length: 18376
x-served-by: cache-mdw17335-MDW, cache-fra19148-FRA
last-modified: Thu, 14 Jan 2021 12:17:41 GMT
server: nginx
x-timer: S1612833707.658007,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
content-type: font/woff
access-control-allow-origin: *
expires: Sat, 15 Jan 2022 14:02:33 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 265b2a36-5671-11eb-bcbf-16cb3085dc39
x-cache-hits: 1, 2

GET
H2 200 icomoon.ttf
claroty.com/wp-content/themes/claroty/html/app/assets/fonts/icons/ 10 KB
6 KB 22ms
21ms Font
application/x-font-ttf 2620:12a:8001::4
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://claroty.com/wp-content/themes/claroty/html/app/assets/fonts/icons/icomoon.ttf?izgp1

Requested by

Host: claroty.com
URL: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8001::4 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0492bbab03ef89eee73723ead3ae393792d5dc69383a9781590d90ca2c1cbbf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload

Request headers

Origin: https://claroty.com
Referer: https://claroty.com/wp-content/themes/claroty/html/app/assets/css/style.min.css?ver=1.0.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31622400; includeSubDomains; preload
content-encoding: gzip
etag: W/"60101e8f-28dc"
age: 1070333
x-pantheon-styx-hostname: styx-fe4-b-649d688684-mhstp
x-cache: HIT, HIT
content-length: 5698
x-served-by: cache-mdw17326-MDW, cache-fra19148-FRA
access-control-allow-origin: *
last-modified: Tue, 26 Jan 2021 13:52:15 GMT
server: nginx
x-timer: S1612833707.658100,VS0,VE0
date: Tue, 09 Feb 2021 01:21:46 GMT
vary: Accept-Encoding
content-type: application/x-font-ttf
via: 1.1 varnish, 1.1 varnish
expires: Fri, 28 Jan 2022 16:02:54 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1d33ed23-60b9-11eb-a0e8-0a5f99c5632f
x-cache-hits: 1, 2

GET
H3-Q050 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 652
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 09 Feb 2021 02:10:54 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 448 KB
77 KB 47ms
22ms Script
application/javascript 2606:4700::6811:e6cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2553528.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:e6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91ed6ce02b6c75337190849469779a4bd41848b76017521bf4544f268c011ad4

Request headers

Origin: https://claroty.com
Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:46 GMT
via: 1.1 157ebd6865840045fc8b5ed1cce7e466.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 37869
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.969/bundle/main/lead-flows-release.js&cfRay=61e62a017cb9faea-IAD
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0825fa6b340000073ed80fd000000001
cf-ray: 61e9c68b8db1073e-FRA
last-modified: Thu, 17 Dec 2020 10:03:39 UTC
server: cloudflare
etag: W/"a566ab0a8f74bc7424c04febd0ea0ce7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: rhp8gAMuDbTLsXApeWVaA5lKkewB4A5p
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: GvFiuasNRakNULphHcu8W0JIj4BW1NKqkBCRPrJ5z8Edz3gD0LoMeg==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 78 KB
24 KB 43ms
22ms Script
application/javascript 2606:4700::6811:80ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2553528.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:80ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a12ac37a39b2818801153898a9e716122189a054cb0cc0a98131ead6b57751d9

Request headers

Origin: https://claroty.com
Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:46 GMT
via: 1.1 e89d95d090c0c86ecc7b8930e434625d.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 68123
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.224/bundles/project.js&cfRay=61e347604c2e4a97-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0825fa6b3100002c2a02167000000001
cf-ray: 61e9c68b8eae2c2a-FRA
last-modified: Tue, 02 Feb 2021 01:41:22 UTC
server: cloudflare
etag: W/"4175c61bef30fbed4a4fea09f2f20c4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: YxTlDDuGm95GnTHKn2AaGJe9LDW9YpHd
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: SgVCpMuKVV9-NsSmfIr0wiRe4lAwjTyHRhkWS9fubvmNKFcjzxKAFg==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 5 KB
3 KB 33ms
13ms Script
application/javascript 2606:4700::6811:71b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2553528.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:71b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3399b34b280df0bae72875db0c8920320cc6b8ce3e64413541fdcb7fd53a2a8f

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:46 GMT
via: 1.1 c889e9448c63bb4bf9dd41fcb2250e09.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 577
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.222/bundles/pixels-release.js&cfRay=61e9b870b8a42bc2-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0825fa6b300000dfd77dbd2000000001
last-modified: Fri, 29 Jan 2021 04:30:45 UTC
server: cloudflare
etag: W/"c8d54dcba2e9466890079ae550d834bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: tMGfNCDI8YaArCWxgAwYbahB1RP10YKq
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 61e9c68b7c6adfd7-FRA
x-amz-cf-id: nUdk5EWdRGJAB3z_h6nvW9JpkVZ8ZTM-1ccKgJD3YauyWeXHY5z8eQ==

GET
H2 200 2553528.js Show response
js.hs-analytics.net/analytics/1612833600000/ 61 KB
19 KB 41ms
19ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1612833600000/2553528.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2553528.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 789b47af18dff96da1c585ac3c6896f03a6c36af5f6bfae31f05db4efe081066

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 87
x-amz-server-side-encryption: AES256
x-amz-request-id: D15DC56D2A17982D
x-amz-id-2: x4Ez3xuM+XHafOsbcseCf1Sec7Ex0T/243crycqTVWBoAn6/b0AiXkNM8rZiEgj8sWT+fAAXrwc=
last-modified: Tue, 02 Feb 2021 21:53:51 GMT
server: cloudflare
etag: W/"ddd74b1c30c2068e47fe90fc9b0d05bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-request-id: 0825fa6b3200001f51d121d000000001
cf-ray: 61e9c68b8c761f51-FRA
expires: Tue, 09 Feb 2021 01:25:18 GMT

GET
H2 200 2553528.js Show response
js.hs-banner.com/ 56 KB
14 KB 37ms
17ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2553528.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2553528.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebac065a9f515b0f4f1e23d42cac069928b59e6265235de7976bebd49805f563

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=68tO8Q==, md5=siGmT4MkK6oXejSo/egYOw==
date: Tue, 09 Feb 2021 01:21:46 GMT
content-encoding: br
cf-cache-status: HIT
age: 210
x-guploader-uploadid: ABg5-UxqxBt_NYQ4pyCDL45PpyHWyhM-sxJl6ylNsiHtQBXAmkwINEEy1i0FmBbf32vdIfGEZef5ynIcmGPHUU3_AXs
x-goog-storage-class: STANDARD
access-control-max-age: 604800
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/javascript; charset=UTF-8
cf-request-id: 0825fa6b3000004a9ec49e5000000001
timing-allow-origin: *
last-modified: Tue, 05 Jan 2021 17:30:47 GMT
server: cloudflare
etag: W/"b221a64f83242baa177a34a8fde8183b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation: 1609867847345483
access-control-allow-origin: https://claroty.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
x-goog-stored-content-length: 57017
cf-ray: 61e9c68b7c194a9e-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Tue, 09 Feb 2021 01:23:16 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
9 KB 47ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC333T7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:46 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: F0DC05511D7C40BAA852040BEF1FF8BD Ref B: FRAEDGE1421 Ref C: 2021-02-09T01:21:47Z
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 23ms
7ms Script
application/x-javascript 2a02:26f0:7100:481::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC333T7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:481::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 09 Feb 2021 01:21:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=58721
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
82 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-84224451-1&cid=804012475.1612833707&jid=1922024176&gjid=1175916932&_gid=722248629.1612833707&_u=aGBAgUAjCAAAAE~&z=284034121

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 09 Feb 2021 01:21:47 GMT
content-type: text/plain
access-control-allow-origin: https://claroty.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 6ms
5ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=355172643&t=pageview&_s=1&dl=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&ul=en-us&de=UTF-8&dt=OT%20Implications%20of%20Energetic%20Bear%27s%20Targeting%20of%20Zerologon%20-%20Claroty&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgUAjC~&jid=1922024176&gjid=1175916932&cid=804012475.1612833707&tid=UA-84224451-1&_gid=722248629.1612833707&z=1312961644

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Feb 2021 10:13:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 54499
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.d8d7274ca9da6876e8ea.js Show response
script.hotjar.com/ 223 KB
59 KB 115ms
41ms Script
application/javascript 13.224.94.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.d8d7274ca9da6876e8ea.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1953887.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.94.37 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-94-37.zrh50.r.cloudfront.net

Software

Resource Hash

459d4bbd0d9768cc0de0fbc6f255070388141a3820a411aedf1bb2195ba96c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 18:26:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24898
x-cache: Hit from cloudfront
content-length: 59993
access-control-allow-origin: *
last-modified: Mon, 08 Feb 2021 18:23:28 GMT
etag: "4d1094fa5d708130c422cec25b8c5877"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: zbvXD-Hgf_Bhke4sKhBOv6JjqcgRT5Lc8_Wbd74aFvdQC-cB2pJFqQ==

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
960 B 124ms
108ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=2553528&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e58f8650c58e034b722055a612f8200795afe0d8aa0c553110aac0c46ff24cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:47 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0825fa6c7300002c01cc396000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6X6wGJdC0T2G6GhoaDFoCopetE2k794xz9ed5e8xtdtjeU10%2BQvia1QjIeW5ZwxLOhAwcx9M%2Bc%2FENUA1O8tlv%2Fx95ZpYr0ucM41aGfNEMkPW7JsWifp5HFgDwNNusg%3D%3D"}]}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://claroty.com
access-control-allow-credentials: false
cf-ray: 61e9c68d8e892c01-FRA
access-control-allow-headers: *

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame C2C6 0
0 152ms
51ms Document
text/html 65.9.94.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1953887.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.94.6 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Response headers

content-type: text/html
content-length: 851
date: Mon, 23 Nov 2020 17:01:03 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Mon, 23 Nov 2020 15:41:01 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b031f43146c9801101822eabdc464390.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: DUtmr4KCoCVrfzmrRl3s6osgIJu__OHKmnShb9-nHjbvg2EspZtN1A==
age: 6682844

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1162802&time=1612833707107&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1162802%26time%3D1612833707107%26url%3Dhttps%253A%252F%252Fclaroty.com%252F2020%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1162802&time=1612833707107&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&liSync=true

0
58 B

162ms
161ms

Image
application/javascript

2620:119:50e6:101::6cae:b05
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1162802&time=1612833707107&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&liSync=true
Requested by: Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e6:101::6cae:b05 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:47 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-ech2
content-type: application/javascript
content-length: 0
x-li-uuid: QRUNT7bvYRagGCYgNCsAAA==

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: QlV3QrbvYRaAK0W2sCoAAA==
pragma: no-cache
x-li-pop: afd-prod-ltx1
x-msedge-ref: Ref A: 3A42EDB76D3D46D28E251CB9664EB0D8 Ref B: FRAEDGE1516 Ref C: 2021-02-09T01:21:47Z
date: Tue, 09 Feb 2021 01:21:47 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1162802&time=1612833707107&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&liSync=true
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
170 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17399384&Ver=2&mid=fea1e7ca-c84d-4e19-ad25-7fec30a8c6b7&sid=2d7271006a7511ebb659dbe7e445ffad&vid=2d7290806a7511eb8a3f4d214ef049b3&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=OT%20Implications%20of%20Energetic%20Bear%27s%20Targeting%20of%20Zerologon%20-%20Claroty&p=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&r=&lt=1240&evt=pageLoad&msclkid=N&sv=1&rn=465023
Requested by: Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 09 Feb 2021 01:21:47 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 36019A8F29504A48A4FCEC26D2B079C2 Ref B: FRAEDGE1421 Ref C: 2021-02-09T01:21:47Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
588 B 121ms
105ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2B9A168099F3385CF164CCCF5437C0308AD0103657000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 61e9c68e4ec00625-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
cf-request-id: 0825fa6cf100000625c8b4a000000001

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1953887/ 152 B
305 B 116ms
38ms XHR
application/json 52.49.237.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1953887/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.d8d7274ca9da6876e8ea.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.237.17 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-237-17.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c4dc799d09b15e57ee98e3c3866ca16f53354cb79838d3aa6c9c961292151858

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 09 Feb 2021 01:21:47 GMT
content-encoding: br
access-control-allow-credentials: true
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 411ms
102ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: claroty.com
URL: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 09 Feb 2021 01:21:48 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Fri, 13 Mar 2020 19:48:39 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Thu, 09 Feb 2023 01:21:48 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 67 B
982 B 394ms
378ms XHR
application/json 2606:4700::6811:c9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=2553528

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

757365fc495d204b42af511f6140eec92706ed85e04465c4b214462c45912508

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:48 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0825fa6fd600002c3ac39e0000000001
server: cloudflare
x-trace: 2B3751798E4AD510F5505F834B7324EECD6B00CE89000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JdUoBEKMXBAStpuS7hrBZhtL%2Br%2FDBCAZHkCqsQVJeVl4d3jSvp9wHe0opNz2k6huZ17%2B3B7jeFTP2O0L3L2Cy%2FpiBsMfla4NA9yvHhEWnkFuyZyswwXCqmfeVA%3D%3D"}],"group":"cf-nel"}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://claroty.com
access-control-allow-credentials: false
cf-ray: 61e9c692fb722c3a-FRA
access-control-allow-headers: *

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
847 B 36ms
21ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2978788718&v=1.1&a=2553528&ct=blog-post&rcu=https%3A%2F%2Fwww.claroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&pu=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&t=OT+Implications+of+Energetic+Bear%27s+Targeting+of+Zerologon+-+Claroty&cts=1612833707984&vi=8c43f3af7d0c2085a703dd58137082ab&nc=true&u=125082197.8c43f3af7d0c2085a703dd58137082ab.1612833707973.1612833707973.1612833707973.1&b=125082197.1.1612833707974

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:48 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 61e9c69309b84a68-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0825fa6fe500004a68c92c2000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0kdIFDr0PShGGg%2FCvMwFQAoIxC06CUP%2F0fXxQfXVoYGREeXMEVXkunH4lMdh1luvj2u5vx1TEg3r64s039AukThSLTe0fNpQmWA7xyJo4tiw20YhntWG%2FoFG%2FH%2B5Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
1 KB 119ms
119ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2553528&utk=8c43f3af7d0c2085a703dd58137082ab&__hstc=125082197.8c43f3af7d0c2085a703dd58137082ab.1612833707973.1612833707973.1612833707973.1&__hssc=125082197.1.1612833707974&currentUrl=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

830259ad7cb4a3c43bedaff87d9d0299a639950c58dd96196d2bd83c8c36b59e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:48 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0825fa6fdb00002c01eda87000000001
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vbBaCqkDfNxgOHDt5PmVUEgVVpfvY0CQWtccoyEOJ23jO5266qBHQPJb5F1%2Bha0a4%2BDWozeEV5TRIhash0dYwo4r6WPTNf8%2FyW%2BlwuVkwutcT7Ae6eiy4%2BBxN2vt9A%3D%3D"}]}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://claroty.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 61e9c692fbe42c01-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 942 B
675 B 20ms
19ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=explicit

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a0e4b77bba830a23171049ba6e5519d254431df8c94dcaf8ad0296876efd1bdf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 583
x-xss-protection: 1; mode=block
expires: Tue, 09 Feb 2021 01:21:48 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
340 B 24ms
24ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=d2713113-0697-46e5-9ef1-4defb37fc126&lfi=345634&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2978788718&v=1.1&a=2553528&ct=blog-post&rcu=https%3A%2F%2Fwww.claroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&pu=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&t=OT+Implications+of+Energetic+Bear%27s+Targeting+of+Zerologon+-+Claroty&cts=1612833708116&vi=8c43f3af7d0c2085a703dd58137082ab&nc=true&u=125082197.8c43f3af7d0c2085a703dd58137082ab.1612833707973.1612833707973.1612833707973.1&b=125082197.1.1612833707974

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:48 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 61e9c693ca984a68-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0825fa705a00004a68d88f8000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VPdUvFsk5m5wc%2FYpBs%2BwfpNIF7nvZstqeYozMFLJYosTEJHa2hBVNWNQDUOcm6hg80Afmebse2kZ%2BCLPoP2%2FYbowku%2BLLT4I9u%2BSBkjGGG1RuDX90MQi9BJyl1iAMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ 332 KB
332 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://claroty.com
Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 00:35:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 2779
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 339515
x-xss-protection: 0
expires: Wed, 09 Feb 2022 00:35:29 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 48ms
34ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-774863821

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a2055fd1145916a8c6f3410a14907006e56226c518033bb234994a9b271d867

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:48 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38988
x-xss-protection: 0
last-modified: Tue, 09 Feb 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Feb 2021 01:21:48 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 1 KB
1 KB 155ms
155ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=4951&account_id=903751&title=OT%20Implications%20of%20Energetic%20Bear%27s%20Targeting%20of%20Zerologon%20-%20Claroty&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: f00b9e6b43c3fc05cd104059405ad0add77bf69663e650c76f0913dd0012a0a1

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 09 Feb 2021 01:21:48 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/3/166
Vary: Accept-Encoding,User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 673
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
13 KB 102ms
47ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-774863821

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

c4eb51f22f568120cf9ab08fbeae1a5369ec10fd7dba0ceba07038b07a9a9975

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12189
x-xss-protection: 0
server: cafe
etag: 7685221537260973389
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 09 Feb 2021 01:21:48 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/774863821/ 2 KB
1 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/774863821/?random=1612833708546&cv=9&fst=1612833708546&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa1r0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&tiba=OT%20Implications%20of%20Energetic%20Bear%27s%20Targeting%20of%20Zerologon%20-%20Claroty&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cde5290741a8893c19f9445b4823e970c771790ad277fd1c6d458201d1c3f31d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Feb 2021 01:21:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/774863821/ 42 B
530 B 47ms
33ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/774863821/?random=1612833708546&cv=9&fst=1612832400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa1r0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&tiba=OT%20Implications%20of%20Energetic%20Bear%27s%20Targeting%20of%20Zerologon%20-%20Claroty&async=1&fmt=3&is_vtc=1&random=1699069012&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Feb 2021 01:21:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/774863821/ 42 B
108 B 20ms
20ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/774863821/?random=1612833708546&cv=9&fst=1612832400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa1r0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&tiba=OT%20Implications%20of%20Energetic%20Bear%27s%20Targeting%20of%20Zerologon%20-%20Claroty&async=1&fmt=3&is_vtc=1&random=1699069012&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Feb 2021 01:21:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Favicon%20Image.png
f.hubspotusercontent20.net/hubfs/2553528/ 291 KB
293 KB 39ms
21ms Image
image/webp 2606:4700::6810:bb72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent20.net/hubfs/2553528/Favicon%20Image.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35ca33d21b08ba888e0fb518ef5fab3f3d31ad87e120e8e9733e3dba9e3eb225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 0825fa74500000bf0a87adf000000001
x-amz-meta-cache-tag: F-31485611834,P-2553528,FLS-ALL
age: 1049614
x-amz-server-side-encryption: AES256
edge-cache-tag: F-31485611834,P-2553528,FLS-ALL
content-disposition: inline; filename="Favicon%20Image.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 8CB97D79E01098DC
cf-bgj: imgq:85,h2pri
etag: "e3894d08ebce83cf2e01b93506b2ad2c"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 09 Feb 2021 01:21:49 GMT
via: 1.1 c07320a6bd3c3139ec09f5dbe085c0ef.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: CDG53-C1
cf-polished: origFmt=png, origSize=511674
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 298274
x-amz-id-2: Lp3so9ngYeTGbV8auUOSYr4zPWu4Ki65N27qjmFCaP8/Zfqh2yMJ5agLGO0PCrMGHWDpDCHHlg8=
last-modified: Tue, 30 Jun 2020 14:37:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: E9BDw3t.9n0QOKw9eX5GbqNyu81iNWjT
accept-ranges: bytes
cf-ray: 61e9c69a1a16bf0a-FRA
x-amz-cf-id: OBGcsP4qRe-LTchLEpqzZFZv9AQQ6qaOF20cC49Qz1pRBL-E0WXrzg==

GET
H2 200 Favicon%20Image.png
f.hubspotusercontent20.net/hubfs/2553528/ 291 KB
292 KB 20ms
20ms Image
image/webp 2606:4700::6810:bb72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent20.net/hubfs/2553528/Favicon%20Image.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35ca33d21b08ba888e0fb518ef5fab3f3d31ad87e120e8e9733e3dba9e3eb225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 0825fa8bba0000bf0a732bb000000001
x-amz-meta-cache-tag: F-31485611834,P-2553528,FLS-ALL
age: 1049620
x-amz-server-side-encryption: AES256
edge-cache-tag: F-31485611834,P-2553528,FLS-ALL
content-disposition: inline; filename="Favicon%20Image.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 8CB97D79E01098DC
cf-bgj: imgq:85,h2pri
etag: "e3894d08ebce83cf2e01b93506b2ad2c"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Tue, 09 Feb 2021 01:21:55 GMT
via: 1.1 c07320a6bd3c3139ec09f5dbe085c0ef.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: CDG53-C1
cf-polished: origFmt=png, origSize=511674
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 298274
x-amz-id-2: Lp3so9ngYeTGbV8auUOSYr4zPWu4Ki65N27qjmFCaP8/Zfqh2yMJ5agLGO0PCrMGHWDpDCHHlg8=
last-modified: Tue, 30 Jun 2020 14:37:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: E9BDw3t.9n0QOKw9eX5GbqNyu81iNWjT
accept-ranges: bytes
cf-ray: 61e9c6bf9f25bf0a-FRA
x-amz-cf-id: OBGcsP4qRe-LTchLEpqzZFZv9AQQ6qaOF20cC49Qz1pRBL-E0WXrzg==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
465 B 26ms
26ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=d2713113-0697-46e5-9ef1-4defb37fc126&lfi=345634&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2978788718&v=1.1&a=2553528&ct=blog-post&rcu=https%3A%2F%2Fwww.claroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&pu=https%3A%2F%2Fclaroty.com%2F2020%2F10%2F27%2Fblog-research-energetic-bear-zerologon%2F&t=OT+Implications+of+Energetic+Bear%27s+Targeting+of+Zerologon+-+Claroty&cts=1612833715125&vi=8c43f3af7d0c2085a703dd58137082ab&nc=true&u=125082197.8c43f3af7d0c2085a703dd58137082ab.1612833707973.1612833707973.1612833707973.1&b=125082197.1.1612833707974

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://claroty.com/2020/10/27/blog-research-energetic-bear-zerologon/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 01:21:55 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 61e9c6bf9ce64a68-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0825fa8bba00004a68af34e000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4%2BwvrBdRHJwb4Iol7XRJrjy7X2VlsYy90NkAhSuWj1R%2F0elrjkD4mcPMGcj7Ewko6Su%2ByhGHWhWPHP29i9lyO3nLO70K9R98ItBdIbvBNZpGRSNNjmx6iaVGBNccBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.claroty.com/	1970-01-19 16:00:35	Name: __hssc Value: 125082197.1.1612833707974
.claroty.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.claroty.com/	1970-01-20 01:22:09	Name: __hstc Value: 125082197.8c43f3af7d0c2085a703dd58137082ab.1612833707973.1612833707973.1612833707973.1
.claroty.com/	1970-01-19 16:23:57	Name: _uetvid Value: 2d7290806a7511eb8a3f4d214ef049b3
.claroty.com/	1970-01-19 16:02:00	Name: _uetsid Value: 2d7271006a7511ebb659dbe7e445ffad
.claroty.com/	1970-01-20 09:31:45	Name: _ga Value: GA1.2.804012475.1612833707
claroty.com/	1970-01-19 16:00:33	Name: _hjIncludedInPageviewSample Value: 1
.claroty.com/	1970-01-19 16:02:00	Name: _gid Value: GA1.2.722248629.1612833707
.claroty.com/	1970-01-20 01:22:09	Name: hubspotutk Value: 8c43f3af7d0c2085a703dd58137082ab
.claroty.com/	1970-01-19 16:00:35	Name: _hjAbsoluteSessionInProgress Value: 0
.claroty.com/	1970-01-19 16:00:35	Name: _hjFirstSeen Value: 1
.claroty.com/	1970-01-20 00:46:09	Name: _hjid Value: 6b30c7ca-824a-49a3-81e3-48427a220956
.claroty.com/	1970-01-19 16:00:33	Name: _gat Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://claroty.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
bat.bing.com
claroty.com
f.hubspotusercontent20.net
fonts.googleapis.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
pi.pardot.com
px.ads.linkedin.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
track.hubspot.com
vars.hotjar.com
www.claroty.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
13.224.94.37
142.250.186.66
2606:4700::6810:5805
2606:4700::6810:bb72
2606:4700::6811:45b0
2606:4700::6811:71b0
2606:4700::6811:80ab
2606:4700::6811:c9cc
2606:4700::6811:d6cc
2606:4700::6811:e6cc
2606:4700::6812:15bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:119:50e6:101::6cae:b05
2620:12a:8001::4
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2008
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::2004
2a00:1450:4001:80f::200a
2a00:1450:4001:812::2008
2a00:1450:4001:812::200e
2a00:1450:4001:813::200e
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:400c:c00::9b
2a02:26f0:7100:481::25ea
35.174.151.106
52.49.237.17
65.9.94.17
65.9.94.6
00ea0fff528472cc4f73b608d31b4836a6fb9eece21f93d9ee8fec83a2eb0fa4
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0492bbab03ef89eee73723ead3ae393792d5dc69383a9781590d90ca2c1cbbf4
090fd1da03ea5167e336c404183e666c6c946a60e5e92a01efaaef1b165f16ad
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
13676a737e8094dcd64595ce866d1312b3bb8ae5a00e70f5677b44e02cc30975
151609e6f656da6321b0e6324a66673cd4d36a946e1cc85f180202e36250dbb7
1ff7a6c1fb33b0b139e30bfcf89349cc893f2fb4d49efd091363c1032c193b84
20d5e450f4dfded00ed094130beb5a6e103f78adaa76a8c42835f56cd1f5951b
2961bb57dcfff925f2e03ad6ad741a457b5f5482bd5b5c221cc20d5d1bfb4268
31c2b577a69397092bb0487db0373ad47a6807351d939215c25b591f02be7cbd
3399b34b280df0bae72875db0c8920320cc6b8ce3e64413541fdcb7fd53a2a8f
35ca33d21b08ba888e0fb518ef5fab3f3d31ad87e120e8e9733e3dba9e3eb225
37e1ed5202ca312ed798f5ebb23baa3e9465be54642ea05beed44c6eea75ba50
39568f432947b2faa23f46c55da3a6e093099d518e7bd5d332d27eb8f41acab9
43464a2a2fc96754ed53932064a66f6a0b9b8806891c7cc2f002aa2466c56046
45243d2099be0b40b45fb54d2eff19d9909f44b7a919ad0c93a4cd858792aa34
459d4bbd0d9768cc0de0fbc6f255070388141a3820a411aedf1bb2195ba96c00
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
4e860511ded09a4c2ed1276e37f3a5559be8292d90b7dba4baa699b1d3574e1b
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4
6497629a2b922641b6de75117c617b30d9972f3b299e167abba9657d38c2429f
67a3b833bb6acc2b54e00118653dfe9a87b1caa15d7b9bd93646bf81c6a2c5ad
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
757365fc495d204b42af511f6140eec92706ed85e04465c4b214462c45912508
7852a22b72ead62cfc4a1b1ca32874b3e222f232a991a6d1432313572f534135
789b47af18dff96da1c585ac3c6896f03a6c36af5f6bfae31f05db4efe081066
78bbc4669e3a67777227daf0ae375492ca2111717a0ddaab40d933b2612f3e68
7cd7c7ca785eac6fa6c49eed13abe33081053ac7e9a2b63ec4ac07fc84f16e6c
830259ad7cb4a3c43bedaff87d9d0299a639950c58dd96196d2bd83c8c36b59e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8a2055fd1145916a8c6f3410a14907006e56226c518033bb234994a9b271d867
91d744bf23ae2d21a6565a51934c39e0f8fa6121b958f2998a1979ee7ba2fa9d
91ed6ce02b6c75337190849469779a4bd41848b76017521bf4544f268c011ad4
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9ce2baf06d2a3308b38151a6f66c4456aef0ebebc4587aa651d93977fd5b792f
a0e4b77bba830a23171049ba6e5519d254431df8c94dcaf8ad0296876efd1bdf
a12ac37a39b2818801153898a9e716122189a054cb0cc0a98131ead6b57751d9
a94568956a6d1725f702ab3d5e8e8c88622db86d022298ae5df6a34145317665
bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d
c1b584c25c9df2635eed911efee24180fe5a3da8630fcea6b482b28ec5643284
c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827
c4dc799d09b15e57ee98e3c3866ca16f53354cb79838d3aa6c9c961292151858
c4eb51f22f568120cf9ab08fbeae1a5369ec10fd7dba0ceba07038b07a9a9975
c85d7f9f0746c2b8467922bbb27329d1f4770f9c19afe20af28412c669aad0dc
cde5290741a8893c19f9445b4823e970c771790ad277fd1c6d458201d1c3f31d
cecb98bc3f435658af35055c84584ca627caedff10530e78becde7883e344555
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d70b17a683bfc1ca0d4492d5b18c9227b2a72a4f2ec51cf1639e44f199af2209
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e11b838d8d16bacd663557317c3c6db277fe4c84002dbdee6d54096854986ddd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e58f8650c58e034b722055a612f8200795afe0d8aa0c553110aac0c46ff24cff
e8b5c0f1aab454e3dd3d47bdb0d6be1a54c0c350dff5feaa3a595937e2006df1
ebac065a9f515b0f4f1e23d42cac069928b59e6265235de7976bebd49805f563
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f00b9e6b43c3fc05cd104059405ad0add77bf69663e650c76f0913dd0012a0a1

claroty.com Open in urlscan Pro 2620:12a:8001::4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

71 Requests

100 %HTTPS

82 %IPv6

24 Domains

31 Subdomains

32 IPs

5 Countries

1801 kBTransfer

3585 kBSize

13 Cookies

7 Outgoing links

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

claroty.com Open in urlscan Pro
2620:12a:8001::4 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

100 %
HTTPS

82 %
IPv6

24
Domains

31
Subdomains

32
IPs

5
Countries

1801 kB
Transfer

3585 kB
Size

13
Cookies

71 HTTP transactions
0 data transactions