security.criticalstart.com Open in urlscan Pro
104.17.70.206 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mkto-sj200229.com/NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYrxjNytm9qYcPGnkk=
Effective URL:
https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeu...
Submission: On April 07 via api (April 7th 2022, 6:35:07 pm UTC) from US — Scanned from DE

Summary HTTP 106 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 47 IPs in 6 countries across 35 domains to perform 106 HTTP transactions. The main IP is 104.17.70.206, located in and belongs to CLOUDFLARENET, US. The main domain is security.criticalstart.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 22nd 2021. Valid for: a year.

This is the only time security.criticalstart.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	104.17.70.206 104.17.70.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2606:4700:303... 2606:4700:3030::6815:4ee6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	108.138.17.88 108.138.17.88	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dcd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	143.204.101.136 143.204.101.136	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.6.108.254 52.6.108.254	14618 (AMAZON-AES) (AMAZON-AES)
1	178.79.242.181 178.79.242.181	22822 (LLNW) (LLNW)
1	18.66.3.117 18.66.3.117	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.26.10.16 104.26.10.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.236.122 52.222.236.122	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6811:e8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
1	108.157.4.53 108.157.4.53	16509 (AMAZON-02) (AMAZON-02)
2	52.209.39.13 52.209.39.13	16509 (AMAZON-02) (AMAZON-02)
1	54.78.65.25 54.78.65.25	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
106	47

1 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

mkto-sj200229.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 104.17.70.206 (None, )

ASN13335 (CLOUDFLARENET, US)

security.criticalstart.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

templates.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3030::6815:4ee6 (United States)

ASN13335 (CLOUDFLARENET, US)

dummyimage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-88.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dcd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

11725758.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.136 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-136.fra50.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.6.108.254 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-108-254.compute-1.amazonaws.com

cdn.calltrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.242.181 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-181.fra.llnw.net

up.pixel.ad	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.3.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-3-117.txl50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.10.16 (United States)

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-122.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e8cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

586-oqg-630.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-53.dus51.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.209.39.13 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-39-13.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.65.25 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-65-25.eu-west-1.compute.amazonaws.com

ws9.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	criticalstart.com security.criticalstart.com	918 KB
9	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	731 KB
9	doubleclick.net 3 redirects 11725758.fls.doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 stats.g.doubleclick.net — Cisco Umbrella Rank: 95 static.doubleclick.net — Cisco Umbrella Rank: 340	5 KB
9	gstatic.com fonts.gstatic.com www.gstatic.com	128 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46 jnn-pa.googleapis.com — Cisco Umbrella Rank: 272	25 KB
6	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 621 script.hotjar.com — Cisco Umbrella Rank: 818 vars.hotjar.com — Cisco Umbrella Rank: 999 in.hotjar.com — Cisco Umbrella Rank: 1743 ws9.hotjar.com — Cisco Umbrella Rank: 63774	67 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 77 www.google.com — Cisco Umbrella Rank: 4	16 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5383 adservice.google.de — Cisco Umbrella Rank: 7579	2 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 482 www.linkedin.com — Cisco Umbrella Rank: 603 px4.ads.linkedin.com — Cisco Umbrella Rank: 4702	7 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	589 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 378	12 KB
3	dummyimage.com dummyimage.com — Cisco Umbrella Rank: 45561	6 KB
3	marketo.net templates.marketo.net — Cisco Umbrella Rank: 154512 munchkin.marketo.net — Cisco Umbrella Rank: 3622	7 KB
2	sitescout.com pixel.sitescout.com — Cisco Umbrella Rank: 3311	267 B
2	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2374 forms.hubspot.com — Cisco Umbrella Rank: 3360	2 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1607 insight.adsrvr.org — Cisco Umbrella Rank: 642	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	114 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
1	mktoresp.com 586-oqg-630.mktoresp.com	311 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2287	20 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2289	16 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4472	87 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 524
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 7312	824 B
1	t.co t.co — Cisco Umbrella Rank: 476	338 B
1	pixel.ad up.pixel.ad — Cisco Umbrella Rank: 9405	2 KB
1	calltrk.com cdn.calltrk.com — Cisco Umbrella Rank: 20045	312 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2436	968 B
1	cloudfront.net d10lpsik1i8c69.cloudfront.net	3 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 913	3 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 104	15 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 619	6 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	78 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 682	21 KB
1	mkto-sj200229.com mkto-sj200229.com	885 B
106	35

	Domain	Requested by
20	security.criticalstart.com	mkto-sj200229.com security.criticalstart.com
9	www.youtube.com	security.criticalstart.com www.youtube.com
7	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
4	jnn-pa.googleapis.com	www.youtube.com
4	11725758.fls.doubleclick.net	2 redirects www.googletagmanager.com
3	www.facebook.com	security.criticalstart.com
3	www.google.com	security.criticalstart.com www.youtube.com
3	googleads.g.doubleclick.net	1 redirects www.googleadservices.com www.youtube.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com security.criticalstart.com
3	dummyimage.com	security.criticalstart.com
3	fonts.googleapis.com	security.criticalstart.com
2	pixel.sitescout.com	security.criticalstart.com
2	in.hotjar.com	script.hotjar.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	adservice.google.de	adservice.google.com
2	www.google.de	security.criticalstart.com
2	adservice.google.com	11725758.fls.doubleclick.net
2	px.ads.linkedin.com	2 redirects
2	connect.facebook.net	mkto-sj200229.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	munchkin.marketo.net	security.criticalstart.com munchkin.marketo.net
1	forms.hubspot.com	js.hsleadflows.net
1	insight.adsrvr.org	js.adsrvr.org
1	track.hubspot.com
1	ws9.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	586-oqg-630.mktoresp.com	munchkin.marketo.net
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	analytics.twitter.com	static.ads-twitter.com
1	static.doubleclick.net	www.youtube.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	px4.ads.linkedin.com	security.criticalstart.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	t.co	security.criticalstart.com
1	js.adsrvr.org	www.googletagmanager.com
1	up.pixel.ad	www.googletagmanager.com
1	cdn.calltrk.com	www.googletagmanager.com
1	js.hs-scripts.com	www.googletagmanager.com
1	d10lpsik1i8c69.cloudfront.net	mkto-sj200229.com
1	snap.licdn.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.googletagmanager.com	security.criticalstart.com
1	templates.marketo.net	security.criticalstart.com
1	maxcdn.bootstrapcdn.com	security.criticalstart.com
1	mkto-sj200229.com
106	51

This site contains links to these domains. Also see Links.

Domain
www.criticalstart.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
mkto-sj200229.com Cloudflare Inc ECC CA-3	`2021-10-18` - `2022-10-17`	a year	crt.sh
security.criticalstart.com Cloudflare Inc ECC CA-3	`2021-10-22` - `2022-10-21`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-15` - `2022-04-15`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
cdn.calltrk.com Amazon	`2022-02-24` - `2023-03-25`	a year	crt.sh
*.pixel.ad GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2022-01-26` - `2023-02-02`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Frame ID: 4B5849262DE0874F70F342CECDEDCF86
Requests: 78 HTTP requests in this frame

Frame: https://11725758.fls.doubleclick.net/activityi;dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Frame ID: 398942E384A4B3BC502CF6C38C342BD5
Requests: 1 HTTP requests in this frame

Frame: https://11725758.fls.doubleclick.net/activityi;dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Frame ID: 82700CAE01D30D96B7885FECDD0B95DE
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/F2sepCUnENg
Frame ID: 5BEEED689265604C70FC2E6698FED739
Requests: 17 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Frame ID: A746AC35AA35237FEB144421EB6C1556
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Frame ID: 8CE958CAFB126F70E4BC55A3649D2BA2
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Frame ID: 4248CB674B3A298F4FEB25D773A926B7
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Frame ID: B2D29B172D6C44D937C84915939C18A4
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: F2C0C4B545D7DA7D101E073C188EACA1
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=nxrbkqx&ref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html&upid=04s3ypm&upv=1.1.0
Frame ID: 526BCFC2C908EB7CFE3FC36E101CE9BC
Requests: 1 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: C65B946A843F43FDC0B78CA4F8B4456A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CriticalStart

Page URL History Show full URLs

https://mkto-sj200229.com/NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYr... Page URL
https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Page Statistics

106
Requests

98 %
HTTPS

54 %
IPv6

35
Domains

51
Subdomains

47
IPs

6
Countries

2307 kB
Transfer

6376 kB
Size

37
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.criticalstart.com/

Search URL Search Domain Scan URL

URL: https://www.criticalstart.com/resources/
Title: Resources

Search URL Search Domain Scan URL

URL: https://www.criticalstart.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.criticalstart.com/company/
Title: Company

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CriticalStartMDR

Search URL Search Domain Scan URL

URL: https://twitter.com/criticalstart

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/critical-start

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/CriticalStart

Search URL Search Domain Scan URL

URL: https://www.instagram.com/criticalstart/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mkto-sj200229.com/NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYrxjNytm9qYcPGnkk= Page URL
https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://11725758.fls.doubleclick.net/activityi;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew HTTP 302
https://11725758.fls.doubleclick.net/activityi;dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Request Chain 38

https://11725758.fls.doubleclick.net/activityi;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew HTTP 302
https://11725758.fls.doubleclick.net/activityi;dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Request Chain 55

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2305898%26time%3D1649356504395%26url%3Dhttps%253A%252F%252Fsecurity.criticalstart.com%252FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%253Fmkt_tok%253DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&liSync=true&e_ipv6=AQIGCPTuFr4w7AAAAYAFTv99Ru59rBuvwW6LvcyfEcUNs0d8M1jSeJuqqQgmaYKIkDMhMbU4GNBr5WomkPyva3uvdSSs

Request Chain 74

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

106 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYrxjNytm9qYcPGnkk=
mkto-sj200229.com/ 527 B
885 B 236ms
209ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mkto-sj200229.com/NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYrxjNytm9qYcPGnkk=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-cache, no-store, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 6f84dc5c1bd36931-FRA
content-encoding: gzip
content-type: text/html
date: Thu, 07 Apr 2022 18:35:02 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 Primary Request WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html Show response
security.criticalstart.com/ 62 KB
13 KB 539ms
517ms Document
text/html 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Requested by

Host: mkto-sj200229.com
URL: https://mkto-sj200229.com/NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYrxjNytm9qYcPGnkk=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97f09496643c9756755ee20a7ced6bb3bdbf173122e238e1bdd2745f02dbddb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mkto-sj200229.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 6f84dc5e29ca9273-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 07 Apr 2022 18:35:03 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT"
server: cloudflare
vary: *,Accept-Encoding
x-asset-type: LP
x-cache-status: BYPASS
x-content-type-options: nosniff
x-mkto-nginx-cache: false

GET
H2 200 css2
fonts.googleapis.com/ 25 KB
2 KB 42ms
19ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Requested by

Host: security.criticalstart.com
URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00c8eb28301cf1a0c2ff74264a1b5c80e592fb25c15391b73516823156e06ec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 16:50:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 07 Apr 2022 18:35:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Apr 2022 18:35:03 GMT

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ 118 KB
21 KB 75ms
45ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.criticalstart.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 874
access-control-allow-origin: *
cdn-cachedat: 03/12/2022 17:50:55
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.02
timing-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
etag: W/"2f624089c65f12185e79925bc5a7fc42"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: c56dca7cdcb976e1ca8e2fbaf86dd6f4
cf-ray: 6f84dc61ab9b01f0-ZRH
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.css
security.criticalstart.com/rs/586-OQG-630/images/ 137 KB
27 KB 195ms
191ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/1.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a555f9e6f0e134af68f2357d2e39f024e9dc304b7301d764152c4d31808d8123

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 05:22:23 GMT
server: cloudflare
etag: "c2066b-22553-5d9fea1d800bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc61793c9273-FRA
content-length: 27117
expires: Thu, 07 Apr 2022 18:36:03 GMT

GET
H2 200 2.css
security.criticalstart.com/rs/586-OQG-630/images/ 2 KB
565 B 201ms
198ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/2.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34f6009e23bc9b5562767389039c54f6bdf4976b46af3f38b3676d43602c5d8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 05:22:23 GMT
server: cloudflare
etag: "c2066c-66a-5d9fea1d86a38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc6179429273-FRA
content-length: 480
expires: Thu, 07 Apr 2022 18:36:03 GMT

GET
H2 200 3.css
security.criticalstart.com/rs/586-OQG-630/images/ 145 KB
21 KB 938ms
936ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/3.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d896655026aa3cd893cf1f255d8a3067b944c4d31cef820d268f8d15aeefdbfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 05:22:23 GMT
server: cloudflare
etag: "c2066d-242ec-5d9fea1d9a2bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc6179439273-FRA
content-length: 20997
expires: Thu, 07 Apr 2022 18:36:03 GMT

GET
H2 200 4.css
security.criticalstart.com/rs/586-OQG-630/images/ 137 KB
27 KB 222ms
219ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/4.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a555f9e6f0e134af68f2357d2e39f024e9dc304b7301d764152c4d31808d8123

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 05:22:24 GMT
server: cloudflare
etag: "c2066e-22553-5d9fea1dbdd10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc6179459273-FRA
content-length: 27117
expires: Thu, 07 Apr 2022 18:36:03 GMT

GET
H/1.1 200
OK ie10-viewport-bug-workaround.js Show response
templates.marketo.net/template1/js/ 694 B
982 B 415ms
24ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://templates.marketo.net/template1/js/ie10-viewport-bug-workaround.js
Requested by: Host: security.criticalstart.com
URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ce01c41255d7e61cc44e865184559085737a98cf6911ef67f915692152b88852

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 18:35:03 GMT
Last-Modified: Thu, 28 May 2015 00:15:45 GMT
Server: AkamaiNetStorage
ETag: "b5a0dd7ce1f7c1c6b80b5abe13308dd2:1432772145"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 694

GET
H2 200 cs-logo-official-color.png
security.criticalstart.com/rs/586-OQG-630/images/ 9 KB
9 KB 186ms
183ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/cs-logo-official-color.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bff02ad18694224154604dfd3ef68fcdaf2851809ee163f1f004c31c280b202a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 29 Mar 2022 21:07:30 GMT
server: cloudflare
etag: "c206d9-22b5-5db61d11d9d65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d6a9273-FRA
content-length: 8885
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 forms2.min.js Show response
security.criticalstart.com/js/forms2/js/ 205 KB
68 KB 505ms
505ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/js/forms2/js/forms2.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54b1a318711ed45da6f1a787a0b0f601199c8676b7d565a4163674833c64b0a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
etag: "9c03d9-3326e-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 6f84dc641f309273-FRA
expires: Thu, 07 Apr 2022 22:35:04 GMT

GET
H2 200 fff
dummyimage.com/170x170/ccc/ 365 B
711 B 128ms
64ms Image
image/png 2606:4700:3030::6815:4ee6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dummyimage.com/170x170/ccc/fff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:4ee6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

264bb2e466c8627fa4f92be5aad9b1ba5610175319eb92992505c4d5b194990e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13216
x-powered-by: WordOps
cf-ray: 6f84dc67dc3373d3-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 365
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 05 Jan 2022 12:35:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQWNqOjTkfjH2mhx2jUmMY9N8nmnIAeSXL60POrXImZTYIvg9fE3mPVVrjVb36dh41L7a5Z7ereLGhU%2FDPoz0KT5zCsCS74wrWqwU1Fx57KZZdgv%2BPG8wAdVidadY9cl4Cs5VbbhIGoLXSDQ9A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-download-options: noopen
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=7776000
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Tue, 05 Apr 2022 12:35:40 GMT

GET
H2 200 fff
dummyimage.com/1182x270/ccc/ 3 KB
4 KB 98ms
35ms Image
image/png 2606:4700:3030::6815:4ee6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dummyimage.com/1182x270/ccc/fff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:4ee6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

f55bf77900524bccdacac1e619ef30c978078f6d303a142689bf6b726b9dff76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13216
x-powered-by: WordOps
cf-ray: 6f84dc67dc3673d3-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3510
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Fri, 07 Jan 2022 11:37:13 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyFwW42FrjVOyMHBSl6GevrdmrDRdBZsatf88WdQTjdVBJOMJpJs0Y4EmytpvqFAcmFBYsg13GQkWjAZk5E9evRSsO%2FH5SebWNVYG0i0Gctk99ScVqbgFrNiHvZ5CmIZ03BIMfbCYJSVyVKZYA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-download-options: noopen
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=7776000
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Thu, 07 Apr 2022 11:37:13 GMT

GET
H2 200 fff
dummyimage.com/300x200/ccc/ 802 B
1 KB 280ms
217ms Image
image/png 2606:4700:3030::6815:4ee6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dummyimage.com/300x200/ccc/fff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:4ee6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

4c81f96fc0003060718d96048ac2d72bbcf9ac4272c73876bdbd6b373046178a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WordOps
cf-ray: 6f84dc67dc3773d3-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 802
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 06 Apr 2022 19:43:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2B67FFG8by87Debr0ykqGwePFn8L0UUcS9EvLUkg%2BbfLMPV%2BM1A9O6Q1CPC5tWFyqxijup%2FRVkeoHZlTKKDop4BTiJX%2FDZPTHRPofdojcScnTdifata86HCkfLkmcX9jLVxa3j9V%2FnD%2FR4lUDA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-download-options: noopen
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=7776000
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Tue, 05 Jul 2022 19:43:11 GMT

GET
H2 200 CriticalStart-Logo-Black-ai1.png
security.criticalstart.com/rs/586-OQG-630/images/ 4 KB
4 KB 196ms
193ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/CriticalStart-Logo-Black-ai1.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c534c2efd819a2ab9a54c91354e61fc0617f0c8b701f4882525f31758db9a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 14:59:00 GMT
server: cloudflare
etag: "c20677-10b6-5da06aff65611"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d6c9273-FRA
content-length: 4278
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 cs-social-bw-fb.png
security.criticalstart.com/rs/586-OQG-630/images/ 2 KB
3 KB 208ms
205ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-fb.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fb8a441ee24ed58d25bd23708795d278727d98b5724eb665c43128614dfb3e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 14:59:00 GMT
server: cloudflare
etag: "c20678-9ea-5da06aff67169"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d6e9273-FRA
content-length: 2538
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 cs-social-bw-twitter.png
security.criticalstart.com/rs/586-OQG-630/images/ 2 KB
2 KB 514ms
512ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-twitter.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c201615347b11756bf862062d0853346ffb726d8d10a7db7c04a1117c1528630

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 14:59:00 GMT
server: cloudflare
etag: "c2067a-901-5da06aff88c7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d729273-FRA
content-length: 2305
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 cs-social-bw-li.png
security.criticalstart.com/rs/586-OQG-630/images/ 3 KB
3 KB 211ms
209ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-li.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6e2657ce919d37af18e24e1462f5fa32dae70a4e3cdb5b384e62b70717d53d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 14:59:00 GMT
server: cloudflare
etag: "c20679-a75-5da06aff68cc2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d769273-FRA
content-length: 2677
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 cs-social-bw-youtube.png
security.criticalstart.com/rs/586-OQG-630/images/ 2 KB
2 KB 191ms
190ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-youtube.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe82c97afe385688e2751e5c7ac9dcd5c6fd8044cd548903852fa702d4868f1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 18:24:55 GMT
server: cloudflare
etag: "c2067b-931-5da0990635451"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d799273-FRA
content-length: 2353
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 cs-social-bw-insta.png
security.criticalstart.com/rs/586-OQG-630/images/ 3 KB
3 KB 540ms
539ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-insta.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

405a14afba30a23f445d73700eda94eabb52d2ab3bf81d156901be8f61210baa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 14:59:00 GMT
server: cloudflare
etag: "c20676-d11-5da06aff65611"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d7a9273-FRA
content-length: 3345
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 1.js Show response
security.criticalstart.com/rs/586-OQG-630/images/ 91 KB
32 KB 191ms
191ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/1.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3227c1f0bd7127f9b7fd63630f1868bd5c865be599bf536355d63222b353c197

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 05:22:24 GMT
server: cloudflare
etag: "c20670-16bb7-5d9fea1df6b41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc675d4a9273-FRA
content-length: 32811
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 2.js Show response
security.criticalstart.com/rs/586-OQG-630/images/ 35 KB
9 KB 596ms
594ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/2.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6447e59227786bcda7ad58ef045540cba328e5ec0e5ddbd88b4f57122feaf926

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 05:22:24 GMT
server: cloudflare
etag: "c20671-8c75-5d9fea1df9639"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d599273-FRA
content-length: 9546
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 3.js Show response
security.criticalstart.com/rs/586-OQG-630/images/ 4 KB
1 KB 489ms
485ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/3.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

366bb852817c89cb49c89f9a573b7851a37d9d046b526f3daf8c8c3f76c8a756

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 12 Mar 2022 05:22:24 GMT
server: cloudflare
etag: "c20672-102f-5d9fea1e0fd9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc676d609273-FRA
content-length: 1434
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net// 1 KB
1 KB 75ms
24ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net//munchkin.js
Requested by: Host: security.criticalstart.com
URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 18:35:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 stripmkttok.js Show response
security.criticalstart.com/js/ 2 KB
835 B 489ms
486ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/js/stripmkttok.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
etag: "960374-602-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6f84dc676d649273-FRA
content-length: 678
expires: Thu, 07 Apr 2022 22:35:04 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
839 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:600,400,300italic

Requested by

Host: security.criticalstart.com
URL: https://security.criticalstart.com/rs/586-OQG-630/images/1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

96ca7cf6e9ed963b2506a22f5fd5591a1e9f7aac3acf3b52d7dc83eec8f0ffcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 18:35:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 07 Apr 2022 18:35:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Apr 2022 18:35:03 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
536 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,600,300italic

Requested by

Host: security.criticalstart.com
URL: https://security.criticalstart.com/rs/586-OQG-630/images/1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6fe492e4b5de167afde35c3771d71acdf29581faeda76cd51b58f35192dfb460

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 18:35:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 07 Apr 2022 18:35:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Apr 2022 18:35:03 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 258 KB
78 KB 49ms
26ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1425228f124c17d9df4e8bc54e3ff8201c21ca463771dcdeda956614b5744c08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79025
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 07 Apr 2022 18:35:04 GMT

GET
H2 200 CS_Webinar_M365D%20and%20MDR_LP%20Header_032822.png
security.criticalstart.com/rs/586-OQG-630/images/ 688 KB
689 KB 200ms
200ms Image
image/png 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://security.criticalstart.com/rs/586-OQG-630/images/CS_Webinar_M365D%20and%20MDR_LP%20Header_032822.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e3e6f99a7f05a7e1e02e018a038664ba1d5e39e730024de07951e5b6e2e5e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 28 Mar 2022 19:13:26 GMT
server: cloudflare
etag: "c206d0-abfb5-5db4c1b571d4b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 6f84dc677d809273-FRA
content-length: 704437
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 88725
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 17:56:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 32ms
9ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 01:46:21 GMT
x-content-type-options: nosniff
age: 578923
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Apr 2023 01:46:21 GMT

GET
H2 200 KFOkCnqEu92Fr1MmgVxIIzI.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 38ms
15ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOkCnqEu92Fr1MmgVxIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22482584aeaa7b1d74de072793246c65e38b402ac231f38bb0d9102802543230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 08:04:00 GMT
x-content-type-options: nosniff
age: 210664
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15712
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 05 Apr 2023 08:04:00 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 36ms
13ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 01:22:36 GMT
x-content-type-options: nosniff
age: 580348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17380
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Apr 2023 01:22:36 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 46ms
16ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 00:09:12 GMT
fastly-original-body-size: 5410
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000074-IAD, cache-fra19173-FRA

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 60ms
36ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

7ce02e0f563c14e7fd2d3249c13317e74fef66108f27096bf04a04552aa0c99c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14886
x-xss-protection: 0
server: cafe
etag: 11980861724045072707
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 07 Apr 2022 18:35:04 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 31ms
6ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1818
date: Thu, 07 Apr 2022 18:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 07 Apr 2022 20:04:46 GMT

GET
H2 200 hotjar-2527307.js Show response
static.hotjar.com/c/ 4 KB
2 KB 57ms
41ms Script
application/javascript 108.138.17.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2527307.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.17.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-17-88.fra56.r.cloudfront.net

Software

Resource Hash

9a158fe522ab04c091ffd4d359a75501530612950002921d8f515264fa7771f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: br
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P7
x-cache-hit: 1
etag: W/d65c26cb82b7a279a7c27cd970f5f0f2
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
content-length: 1869
via: 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
x-amz-cf-id: HCmW2htkz_y5VbZI2fvW5pBuJOzr8MRA2ApBH4lm7b90kp_bz_sxew==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 64ms
15ms Script
application/x-javascript 2a02:26f0:3500:7::17d8:4dcd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dcd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 18:35:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Mar 2022 23:45:34 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=18424
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3104

GET
H3

200

activityi;dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-... Show response
11725758.fls.doubleclick.net/ Frame 3989
Redirect Chain

https://11725758.fls.doubleclick.net/activityi;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FW...
https://11725758.fls.doubleclick.net/activityi;dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2...

690 B
574 B

36ms
19ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11725758.fls.doubleclick.net/activityi;dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

752544b2b163da4740e8bada2a0d71e945c2ba4c95f3c85c198f838176fb5bb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11725758.fls.doubleclick.net/activityi;dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

activityi;dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-20... Show response
11725758.fls.doubleclick.net/ Frame 8270
Redirect Chain

https://11725758.fls.doubleclick.net/activityi;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR...
https://11725758.fls.doubleclick.net/activityi;dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%...

688 B
574 B

34ms
20ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11725758.fls.doubleclick.net/activityi;dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

167a9600546116fbaf3196d1f265354a0ac7ca10cab6101abad1c4242befef75

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11725758.fls.doubleclick.net/activityi;dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 53ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 04AE459F94FA4299890E2A0BBF8FAFEE Ref B: FRAEDGE1512 Ref C: 2022-04-07T18:35:04Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 07 Apr 2022 18:35:03 GMT
accept-ranges: bytes
content-length: 11333

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 25ms
7ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: mkto-sj200229.com
URL: https://mkto-sj200229.com/NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYrxjNytm9qYcPGnkk=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: m/WuF+mC4jOuOmUgtYCTRYD3Xb3YrHhLvyhVlhNGV0zHCpzS5Tj/jv3OIR+e+/2miQLO/JQdwrcWw2/0oKKthA==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 07 Apr 2022 18:35:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 27ms
8ms Script
application/javascript 143.204.101.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: mkto-sj200229.com
URL: https://mkto-sj200229.com/NTg2LU9RRy02MzAAAAGDpDjQW3GOStqbL-5akRgTTGh9Y4l34mLPK8Mp3OdsZHwXZP4oDGTJvaYrxjNytm9qYcPGnkk=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-136.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2ef6b24ec78bb3ac4bdfa91d2abf4d9f2d4b543ad54c411d50e4307fc8677110

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:15:02 GMT
content-encoding: gzip
last-modified: Tue, 01 Mar 2022 22:59:53 GMT
server: AmazonS3
age: 1206
etag: W/"eb0a40c00c97d9640177205882172295"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: qiD_s-e6Fmk3puEslbhfwSH0zZ2t3Nk1MoE1OS-Y0kat_wX82uvEmw==

GET
H2 200 4027460.js Show response
js.hs-scripts.com/ 1 KB
968 B 545ms
495ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/4027460.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72d16005c1174b5d9dc0cc382d47fdf51bcbe92df30811a3468c531f02117138

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 6241908a-547d-4fab-b899-fe09fdd0b668
last-modified: Thu, 07 Apr 2022 18:33:47 GMT
server: cloudflare
x-trace: 2B7317B0F7B6CA2FA593A9D94E78D050EE133201E7000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://security.criticalstart.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6f84dc68a86001eb-ZRH
expires: Thu, 07 Apr 2022 18:36:04 GMT

GET
H2 200 swap.js Show response
cdn.calltrk.com/companies/810074179/3c4764ebe71efdce84ab/12/ 32 B
312 B 333ms
121ms Script
text/javascript 52.6.108.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.calltrk.com/companies/810074179/3c4764ebe71efdce84ab/12/swap.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.6.108.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-108-254.compute-1.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-runtime: 0.014994
date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
etag: W/"d18beba8a6db32dd84b24258cf6542ac"
content-type: text/javascript; charset=utf-8
status: 200 OK
cache-control: max-age=3600, public
timing-allow-origin: *
x-request-id: 3b8f91e4-2caf-48fb-8182-cf446606ff51

GET
H2 200 up.js Show response
up.pixel.ad/assets/ 3 KB
2 KB 27ms
8ms Script
application/javascript 178.79.242.181
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://up.pixel.ad/assets/up.js?um=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-181.fra.llnw.net
Software: AC1.1 /
Resource Hash: 25b33a7a853f39e447b14be3e6662ccbb0fbce73620bf7778d194cb3fef1d3ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 16:22:21 GMT
server: AC1.1
age: 268082
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1550
x-llid: 377004d7ccffa81298f86013b6a73040

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 63ms
21ms Script
application/x-javascript 18.66.3.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-58BLL4F
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.3.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-3-117.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 03:25:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 54588
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 547a0375ec02f9b604ed007303b6266a.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: d4r8polAo7TGDtrsQuwe_VKiWnh14_gmHmTa94013sffqoF0n-PRbw==

GET
H2 200 forms2.css
security.criticalstart.com/js/forms2/css/ 13 KB
3 KB 651ms
650ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/js/forms2/css/forms2.css

Requested by

Host: security.criticalstart.com
URL: https://security.criticalstart.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
vary: Accept-Encoding
content-length: 2623
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
etag: "9801a1-3437-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6f84dc684f219273-FRA
expires: Thu, 07 Apr 2022 22:35:04 GMT

GET
H2 200 forms2-theme-simple.css
security.criticalstart.com/js/forms2/css/ 826 B
366 B 496ms
496ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://security.criticalstart.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: security.criticalstart.com
URL: https://security.criticalstart.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 07 Mar 2022 19:28:07 GMT
server: cloudflare
etag: "980189-33a-5d9a5dd2b7fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6f84dc684f259273-FRA
content-length: 242
expires: Thu, 07 Apr 2022 22:35:04 GMT

GET
H2 200 F2sepCUnENg Show response
www.youtube.com/embed/ Frame 5BEE 60 KB
26 KB 97ms
72ms Document
text/html 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/F2sepCUnENg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a053476056391580b7951c1a95fc3feb099065e25d589d7be36d8ad20d53af7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://security.criticalstart.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 25ms
8ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 17:58:32 GMT
x-content-type-options: nosniff
age: 88592
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 17:58:32 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 27ms
11ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 13:17:51 GMT
x-content-type-options: nosniff
age: 537433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15724
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 01 Apr 2023 13:17:51 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 31ms
15ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=858922318&t=pageview&_s=1&dl=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&dr=https%3A%2F%2Fmkto-sj200229.com%2F&ul=en-us&de=UTF-8&dt=CriticalStart&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=494399017&gjid=586464025&cid=711774165.1649356504&tid=UA-26371505-1&_gid=1041779360.1649356504&_r=1&gtm=2wg3u058BLL4F&z=1479049275

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.criticalstart.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://security.criticalstart.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
338 B 152ms
129ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o16zh&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=2aefc7c1-9682-4d0f-947e-8bd83a549f0e&tw_document_href=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 109
date: Thu, 07 Apr 2022 18:35:04 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 0cb2887d73f05585ef81fff0d013e53fd587cb2a3f1acb96f592730cba6ec065
content-length: 43

GET
H2 200 / Show response
settings.luckyorange.net/ 129 B
824 B 165ms
144ms Fetch
application/json 104.26.10.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&s=141029

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.16 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

548b717c8bde2898b3267fee339072b8cecbabf0a78d2af04358fd7007dcf463

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://security.criticalstart.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1p%2Fvbgdo4ZRAyL715ad8H%2FzD8IbvLlxGQ86op502UJtPm6ep9viQW5PvdN%2F8lkxPg56VfkpCFKEdV58vV8kh4ex56f2GOJMsF923X29Cw9rDheL%2F3ovj%2FT1gKGiRLT2ktJd6vNtDxN6cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6f84dc6899cc915e-FRA
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 modules.9beafb9ca96c2f868fe2.js Show response
script.hotjar.com/ 236 KB
62 KB 31ms
11ms Script
application/javascript 52.222.236.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2527307.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-122.fra56.r.cloudfront.net

Software

Resource Hash

95f2a2d9bf981b3f923cc601270603e88c14767e7e29310eb2d8b6b1407457f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 16:20:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 180898
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 63051
access-control-allow-origin: *
last-modified: Tue, 05 Apr 2022 16:20:05 GMT
etag: "74214ff5f7e679f43ba048194d7bf23c"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P4
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: j-dTzNGgyK5J_axMZXQsusZ-VE1ZSPsv5FQNbOe0Wqb5xwt-YJ-HeA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNT...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2305898%26time%3D1649356504395%26url%3Dhttps%253A%252F%252Fsecurity.criticalstart...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNT...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DN...

0
264 B

203ms
184ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&liSync=true&e_ipv6=AQIGCPTuFr4w7AAAAYAFTv99Ru59rBuvwW6LvcyfEcUNs0d8M1jSeJuqqQgmaYKIkDMhMbU4GNBr5WomkPyva3uvdSSs
Requested by: Host: security.criticalstart.com
URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-li-pop: afd-prod-ltx1
x-msedge-ref: Ref A: 3DE7E0E9548649DF8AEAAC3608B1F9B3 Ref B: FRAEDGE1421 Ref C: 2022-04-07T18:35:05Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: nmoUtACx4xbQ7TZuXisAAA==
x-li-fabric: prod-ltx1

Redirect headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-li-pop: afd-prod-ltx1
x-msedge-ref: Ref A: E2319602CFE94173A3A056D70DFA57CB Ref B: FRAEDGE1121 Ref C: 2022-04-07T18:35:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2305898&time=1649356504395&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&liSync=true&e_ipv6=AQIGCPTuFr4w7AAAAYAFTv99Ru59rBuvwW6LvcyfEcUNs0d8M1jSeJuqqQgmaYKIkDMhMbU4GNBr5WomkPyva3uvdSSs
x-li-proto: http/2
content-length: 0
x-li-uuid: 0+goqQCx4xZwRTAD7yoAAA==

GET
H3 200 614968495594555 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 64ms
54ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/614968495594555?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a3fa7f67051eaf973b5d540a983e99ded68aee41ebeda83a7c965fdc1162a28d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: tcw3TX8mrEuumQV6ZcVIk7GmiO0di9tUxRW9CNOLUPlWBvK9q/PkeXilM75OTGCwO/Vn5nniSM24NK7JnqGJqA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 07 Apr 2022 18:35:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/764570454/ 3 KB
2 KB 49ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/764570454/?random=1649356504410&cv=9&fst=1649356504410&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3u0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&ref=https%3A%2F%2Fmkto-sj200229.com%2F&tiba=CriticalStart&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e3932e42957ba38915b760c33ece2c0acce6d41d3cd767025918149f1aac9cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1195
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 146000318.js Show response
bat.bing.com/p/action/ 0
117 B 241ms
240ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/146000318.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7B145BD03E31414F979BBE6324D7B0A4 Ref B: FRAEDGE1512 Ref C: 2022-04-07T18:35:04Z
date: Thu, 07 Apr 2022 18:35:04 GMT
x-cache: CONFIG_NOCACHE

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
449 B 65ms
18ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-26371505-1&cid=711774165.1649356504&jid=494399017&gjid=586464025&_gid=1041779360.1649356504&_u=YEBAAEAAAAAAAC~&z=2090818693

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://security.criticalstart.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 07 Apr 2022 18:35:04 GMT
content-type: text/plain
access-control-allow-origin: https://security.criticalstart.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSF... Show response
adservice.google.com/ddm/fls/i/ Frame A746 689 B
615 B 77ms
49ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Requested by

Host: 11725758.fls.doubleclick.net
URL: https://11725758.fls.doubleclick.net/activityi;dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9151b7c0579bbb661e7aaa71e3090a0638472b5671b2e422dccca46fcd089969

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://11725758.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-... Show response
adservice.google.com/ddm/fls/i/ Frame 8CE9 687 B
1018 B 75ms
48ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Requested by

Host: 11725758.fls.doubleclick.net
URL: https://11725758.fls.doubleclick.net/activityi;dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a62d0b53c5b884944d9c0f4822c3db268342c7ae6733727565b627062da259c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://11725758.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 www-player.css
www.youtube.com/s/player/689586e2/ Frame 5BEE 346 KB
46 KB 22ms
7ms Stylesheet
text/css 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/689586e2/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/F2sepCUnENg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

924d56b948a5e7b6dbec58c81f4b620607ddbd7a5c7ea1243bd38a4b3246b2b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/F2sepCUnENg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 14:56:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47442
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:17:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 06 Apr 2023 14:56:21 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/689586e2/www-embed-player.vflset/ Frame 5BEE 278 KB
86 KB 31ms
16ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/689586e2/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/F2sepCUnENg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37217c0fb4c47ca98a1cccd7b96e29b09c1c7e9dabf2a2b37c4bfbd421093db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/F2sepCUnENg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 14:56:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87854
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:17:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 06 Apr 2023 14:56:21 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/ Frame 5BEE 2 MB
525 KB 34ms
19ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/F2sepCUnENg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8946c23d8ebf3f0dfed2646d99c54c27688aed362292edb30200e3deb8ebf42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/F2sepCUnENg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 14:56:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99486
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 537507
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:17:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 06 Apr 2023 14:56:58 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/689586e2/fetch-polyfill.vflset/ Frame 5BEE 9 KB
3 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/689586e2/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/F2sepCUnENg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/F2sepCUnENg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 14:56:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:17:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 06 Apr 2023 14:56:21 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/764570454/ 42 B
548 B 59ms
34ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/764570454/?random=1649356504410&cv=9&fst=1649354400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3u0&sendb=1&frm=0&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&ref=https%3A%2F%2Fmkto-sj200229.com%2F&tiba=CriticalStart&async=1&fmt=3&is_vtc=1&random=1496814297&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/764570454/ 42 B
548 B 60ms
35ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/764570454/?random=1649356504410&cv=9&fst=1649354400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg3u0&sendb=1&frm=0&url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&ref=https%3A%2F%2Fmkto-sj200229.com%2F&tiba=CriticalStart&async=1&fmt=3&is_vtc=1&random=1496814297&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5BEE 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/F2sepCUnENg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 178103
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 05 Apr 2023 17:06:41 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
410 B 43ms
24ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=614968495594555&ev=PageView&dl=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&rl=https%3A%2F%2Fmkto-sj200229.com%2F&if=false&ts=1649356504504&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1649356504502.1444286053&it=1649356504408&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 07 Apr 2022 18:35:04 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 62ms
61ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-26371505-1&cid=711774165.1649356504&jid=494399017&_u=YEBAAEAAAAAAAC~&z=1843816294

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 62ms
61ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-26371505-1&cid=711774165.1649356504&jid=494399017&_u=YEBAAEAAAAAAAC~&z=1843816294

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-... Show response
adservice.google.de/ddm/fls/i/ Frame 4248 194 B
242 B 83ms
53ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COL8s-TLgvcCFdpCHQkdIKEOqw;src=11725758;type=level0;cat=sitet0;ord=1;num=221551870014;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Thu, 07 Apr 2022 18:35:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSF... Show response
adservice.google.de/ddm/fls/i/ Frame B2D2 194 B
870 B 80ms
51ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COr3s-TLgvcCFYYUGwodcXUKow;src=11725758;type=level00;cat=secur0;ord=1;num=4103641655548;gtm=2wg3u0;auiddc=238549165.1649356504;~oref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 18:35:04 GMT
expires: Thu, 07 Apr 2022 18:35:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 5BEE
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

17ms
16ms

XHR
application/json

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/F2sepCUnENg

Protocol

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38d008e16a1825032b196987b75c1de65de95b15d10dada537705e832de8bdd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 07 Apr 2022 18:35:04 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 5BEE 29 B
588 B 40ms
9ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:23:11 GMT
x-content-type-options: nosniff
age: 713
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 07 Apr 2022 18:38:11 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 42ms
17ms Preflight
text/html 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 07 Apr 2022 18:35:04 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 5BEE 45 KB
22 KB 38ms
22ms XHR
application/json+protobuf 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

29dbff6052571a900cf7dd68cfead4f7f992beda1f5faa0d2f535b44b437c17c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 22283
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/ Frame 5BEE 119 KB
37 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f92dddc043ca7c228d6848ca537b97fab601aad0663aa2c144595810c888a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/F2sepCUnENg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 14:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99485
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37725
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:17:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 06 Apr 2023 14:56:59 GMT

GET
H3 200 s8EGneP7UUmAImXFT6e4tOuRTySRdivgljXd2wrnOoY.js Show response
www.google.com/js/th/ Frame 5BEE 35 KB
13 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/s8EGneP7UUmAImXFT6e4tOuRTySRdivgljXd2wrnOoY.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3c1069de3fb5149802265c54fa7b8b4eb914f2491762be09635dddb0ae73a86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 05:08:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 134806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 11:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 05:08:18 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/ Frame 5BEE 27 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ca24ab7851070d77c39c913b2fca110d3985cce2d5cb66159b53729009c3f4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/F2sepCUnENg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 14:56:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99486
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8164
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:17:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 06 Apr 2023 14:56:58 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 5BEE 4 KB
3 KB 53ms
31ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 07 Apr 2022 18:35:04 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 5BEE 0
9 B 8ms
6ms Image
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?wTOYIw
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/F2sepCUnENg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/F2sepCUnENg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/100/ Frame 5BEE 52 KB
15 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/100/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30b6e85cb864024d05a4778952ea29bc0612dc2f73e68354ae9ac3375eab7132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21635
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15463
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 16:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 08 Apr 2022 12:34:29 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 26ms
26ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net//munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 18:35:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Sat, 16 Jul 2022 18:35:04 GMT

GET
H2 403 adsct
analytics.twitter.com/i/ 0
0 139ms
114ms Script
text/plain 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o16zh&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=2aefc7c1-9682-4d0f-947e-8bd83a549f0e&tw_document_href=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 107
date: Thu, 07 Apr 2022 18:35:04 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: f349e05bca2239ae754550603ed1a56163287263f65306821c0037deac29189e
content-length: 0
strict-transport-security: max-age=631138519

GET
H2 204 0
bat.bing.com/action/ 0
175 B 35ms
35ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=146000318&tm=gtm002&Ver=2&mid=8f0081eb-5f4c-4005-a0b4-ad523b13aefe&sid=71554c80b6a111ecb63dd32d7a969c4c&vid=71556ef0b6a111ecb5c0c126a94d84ba&vids=1&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=CriticalStart&p=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&r=https%3A%2F%2Fmkto-sj200229.com%2F&lt=2189&evt=pageLoad&msclkid=N&sv=1&rn=514983

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C077188C66E544BBBE0D7435084C4440 Ref B: FRAEDGE1512 Ref C: 2022-04-07T18:35:04Z
date: Thu, 07 Apr 2022 18:35:04 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 534 KB
87 KB 248ms
218ms Script
application/javascript 2606:4700::6811:e8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4027460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 947d6c755989ac2b8e761deb8f7c3d38c30f9e01ce86b4ce1c8f3a2e1d1e5221

Request headers

Referer: https://security.criticalstart.com/
Origin: https://security.criticalstart.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
via: 1.1 4a050b98a443ca2d3af477f9b4dc39ae.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: MISS
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js&cfRay=6f84dc6bfbc601fc-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6f84dc6bfbc601fc-ZRH
last-modified: Tue, 01 Mar 2022 09:57:40 UTC
server: cloudflare
etag: W/"57a8210ba9519a68ae76dcc1857db0f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: qE7M39zrJ2dCa.o34UdW.NnTPVZDG9U3
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 5CkKcV6cBpfUEYpYy38DwHzn3JcKyWuMa_nvuh5-AXlIZQj_v4sVeA==
x-hs-target-asset: lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js

GET
H2 200 4027460.js Show response
js.hs-banner.com/ 61 KB
16 KB 69ms
39ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/4027460.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4027460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dc082d19bb80a5539b425584dfd2816439d89938dd495c9c9cab8cf4239b416

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 77
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-request-id: 1TDTRGS6RJ2MA4B0
x-amz-id-2: yBMvDGsoMHe3EVBK3vCXdumEcgvi/0BAip7KR02kPC4oWCPqHJpgxk+TKyLptejDRh1MQAvFP1g=
timing-allow-origin: *
last-modified: Fri, 01 Apr 2022 15:34:45 GMT
server: cloudflare
etag: W/"9e2975ded729d9ce685bbcc8019ebd48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: G42hZCy78PeRTG0kPLosEB34MsY.OUJY
access-control-allow-origin: https://www.criticalstart.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6f84dc6bfdd401e3-ZRH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Thu, 07 Apr 2022 18:38:47 GMT

GET
H2 200 4027460.js Show response
js.hs-analytics.net/analytics/1649356500000/ 62 KB
20 KB 65ms
31ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1649356500000/4027460.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4027460.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdd990780e599b36cf461325d49dcc63c55e17e37d91c6d8db0173a764c79c19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 77
x-amz-server-side-encryption: AES256
x-amz-request-id: 1TDK8XCRDM5R30HS
x-amz-id-2: iqaPNSAq4EbhZ8ckVTCiL1Po+hgukLJ1GDpdB4w0uc/DhI2z8rcFLdxI5P40Xaqmfr2551l2wHA=
last-modified: Fri, 01 Apr 2022 15:34:47 GMT
server: cloudflare
etag: W/"b3b948a8449f128c4f3e277643ff8840"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-ray: 6f84dc6c088401f8-ZRH
expires: Thu, 07 Apr 2022 18:38:47 GMT

POST
H/1.1 200
OK visitWebPage
586-oqg-630.mktoresp.com/webevents/ 2 B
311 B 646ms
163ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://586-oqg-630.mktoresp.com/webevents/visitWebPage?_mchNc=1649356504923&_mchCn=WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page&_mchId=586-OQG-630&_mchTk=_mch-criticalstart.com-1649356504923-55871&mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&_mchWs=j1RR&_mchHo=security.criticalstart.com&_mchPo=&_mchRu=%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Fmkto-sj200229.com%2F&_mchQp=mkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Thu, 07 Apr 2022 18:35:05 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 37b1cc99-84d8-469d-ad3d-e949f6b1b223

GET
H2 200 box-acca23410e696f2ca3087d947271c3d0.html Show response
vars.hotjar.com/ Frame F2C0 2 KB
1 KB 31ms
9ms Document
text/html 108.157.4.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2527307.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-53.dus51.r.cloudfront.net
Software: /
Resource Hash: e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Referer: https://security.criticalstart.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5391778
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 04 Feb 2022 08:52:06 GMT
etag: "6f65fac4e8efe167ff5132c0c54c5729"
last-modified: Fri, 04 Feb 2022 08:51:39 GMT
vary: Accept-Encoding
via: 1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-amz-cf-id: 1I1yIH2qo0h-HHT1UVeXMrWUcZ5A0qb8cdopR5r6gxxqGxRrACfZvA==
x-amz-cf-pop: DUS51-P2
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 5BEE 98 B
142 B 18ms
18ms XHR
application/json+protobuf 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6c349fbb2f88ef013c637ec5c673ad007667a78fd3c11c4256c9356a9e9887f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 07 Apr 2022 18:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 118
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 16ms
15ms Preflight
text/html 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 07 Apr 2022 18:35:04 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2527307/ 147 B
322 B 106ms
40ms XHR
application/json 52.209.39.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2527307/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.39.13 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-39-13.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c7f64f0b138aca223bf8acd051ceb7cb7088b28d6604c39d534eecbcdd2bef62

Request headers

Referer: https://security.criticalstart.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

POST
H2 200 content Show response
ws9.hotjar.com/api/v2/sites/2527307/recordings/ 66 B
259 B 285ms
79ms XHR
application/json 54.78.65.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws9.hotjar.com/api/v2/sites/2527307/recordings/content
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.65.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-65-25.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b6a45d61605255e5b338ead5555402803d17ded58f7f0af029f8618e1b267c9c

Request headers

Referer: https://security.criticalstart.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 17ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=614968495594555&ev=PageView&dl=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html&rl=https%3A%2F%2Fmkto-sj200229.com%2F&if=false&ts=1649356505247&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1649356504502.1444286053&it=1649356504408&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 07 Apr 2022 18:35:05 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
972 B 209ms
173ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1541009889&v=1.1&a=4027460&r=https%3A%2F%2Fmkto-sj200229.com%2F&pu=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html&t=CriticalStart&cts=1649356505254&vi=2afe05a316db7ad8bb26b04e233ffb6a&nc=true&u=191102197.2afe05a316db7ad8bb26b04e233ffb6a.1649356505250.1649356505250.1649356505250.1&b=191102197.1.1649356505251&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: b0648946-8bf6-4e32-b5e7-3d77331d622f
cf-ray: 6f84dc6e2e95cc46-ZRH
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmG9L8UKBvujt9hKoX%2FS2wxjqKVzyQvkmbhRVxvSFcjw7A0LaDi8FwoR5kpydHAGAw73cao7%2FHxDvEUc%2FERczmXg5VhBoN%2BqGCd6FODH%2F%2FQP15TQI7qXd9UnAcUoN1bZwMRVy%2BxXtxY%2F5%2F4FUy8s"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 526B 0
182 B 105ms
39ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=nxrbkqx&ref=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html&upid=04s3ypm&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://security.criticalstart.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Thu, 07 Apr 2022 18:35:05 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 167 B
1 KB 314ms
178ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=4027460&utk=2afe05a316db7ad8bb26b04e233ffb6a&__hstc=191102197.2afe05a316db7ad8bb26b04e233ffb6a.1649356505250.1649356505250.1649356505250.1&__hssc=191102197.1.1649356505251&referrer=https%3A%2F%2Fmkto-sj200229.com%2F&currentUrl=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85284d8d7b6a78b177f560abc2f495c32bbe3bf74c6ee6e95c6a200acee3aa83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 3ab97814-a261-4224-8f63-fcd3d8d2b257
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TyW8WJOfPibdUyer7%2FrgZYKmKRuppZeCfDR%2FYJSmpM1EgHMlFd3lPezOgUPk9QtnEk8JjMbuu0%2BWq9QQS1cQ2DzTmV4opppLE%2BEt03IZAZ2JnI%2FZp8oIEQ8sgfKDRops%2B2W5uKz%2B%2FfVnOYwfKTT2"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://security.criticalstart.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 6f84dc6f3fa70208-ZRH
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2527307/ 147 B
321 B 39ms
39ms XHR
application/json 52.209.39.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2527307/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.39.13 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-39-13.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c7f64f0b138aca223bf8acd051ceb7cb7088b28d6604c39d534eecbcdd2bef62

Request headers

Referer: https://security.criticalstart.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 07 Apr 2022 18:35:05 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 asyncPixelSync
pixel.sitescout.com/dmp/ Frame C65B 0
0 60ms
27ms Document
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: security.criticalstart.com
URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash

Request headers

Referer: https://security.criticalstart.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
date: Thu, 07 Apr 2022 18:35:05 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: AC1.1

GET
H2 200 1e27e20e824cf21d
pixel.sitescout.com/up/ 43 B
267 B 84ms
28ms Image
image/gif 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/1e27e20e824cf21d?cntr_url=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 18:35:04 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-type: image/gif
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 9ms
9ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=614968495594555&ev=Microdata&dl=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html&rl=https%3A%2F%2Fmkto-sj200229.com%2F&if=false&ts=1649356506043&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22CriticalStart%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=2&o=30&fbp=fb.1.1649356504502.1444286053&it=1649356504408&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://security.criticalstart.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 18:35:06 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 07 Apr 2022 18:35:06 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 5BEE 28 B
54 B 22ms
22ms XHR
application/json 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/689586e2/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/F2sepCUnENg
X-YouTube-Client-Version: 1.20220405.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtBTWJvSVV5SHp2TSjY3bySBg%3D%3D
X-YouTube-Ad-Signals: dt=1649356504636&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 07 Apr 2022 18:35:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 07 Apr 2022 18:35:06 GMT

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mkto-sj200229.com/	1970-01-20 02:09:18	Name: __cf_bm Value: MmU75KwqviCE0Xf1vsSToiBTl2_NJorQ9ki5kan.1mc-1649356502-0-AWniQHVyO7SA2Qq95ZqVBAi7/ok1i+fUchvHxt46nnsw5MYY0XS2kXGMjyW+TEdzwPl3t1trHEoWw+P+G0WCW0g=
security.criticalstart.com/	1969-12-31 23:59:59	Name: BIGipServersj20web-nginx-app_https Value: !x9CMFUYApeUl1DQZpELS1flvGHm9g+Soop39cV9mOgFz8CLBBhf6XB1J5Tx49X4Hup6qqHSgA4h1Ev0=
.security.criticalstart.com/	1970-01-20 02:09:18	Name: __cf_bm Value: 0hBJI8nkkvpIKGhNzoXNcD03yKHoaGP3uJtOD3Pqusk-1649356503-0-ASqiyYbJZbWvgmVieerK5davJVU1gTsZRnhYWwjPj27yBAe3hrv5vkvBr/mfGVhXeHpJeSlaIOc6gPldVnmkfls=
.criticalstart.com/	1970-01-20 04:18:52	Name: _gcl_au Value: 1.1.238549165.1649356504
.criticalstart.com/	1970-01-20 19:26:04	Name: traffic_source Value: mkto-sj200229.com/
.criticalstart.com/	1970-01-20 19:40:28	Name: _ga Value: GA1.2.711774165.1649356504
.criticalstart.com/	1970-01-20 02:10:42	Name: _gid Value: GA1.2.1041779360.1649356504
.criticalstart.com/	1970-01-20 02:09:16	Name: _gat_UA-26371505-1 Value: 1
.bing.com/	1970-01-20 11:30:52	Name: MUID Value: 3A73C4EF89C36EBB3BB4D59088A86F21
.doubleclick.net/	1970-01-20 02:09:17	Name: test_cookie Value: CheckForPermission
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 0sQucvYlTWQ
.youtube.com/	1970-01-20 06:28:28	Name: VISITOR_INFO1_LIVE Value: AMboIUyHzvM
.criticalstart.com/	1970-01-20 04:18:52	Name: _fbp Value: fb.1.1649356504502.1444286053
.t.co/	1970-01-20 19:40:28	Name: muc_ads Value: 479c2ac7-9cf6-47cd-a096-6ac48186f56a
.facebook.com/	1970-01-20 04:18:52	Name: fr Value: 0ftApjkJin6cHn4wO..BiTy7Y...1.0.BiTy7Y.
.linkedin.com/	1970-01-20 02:52:28	Name: UserMatchHistory Value: AQKG5k0NUWa_gQAAAYAFTv3hRisTW2qcRZd_NTQ4ZB8P4jf1JLa7E3O05SmqclE7hW-yAn1eaZmCdQ
.linkedin.com/	1970-01-20 02:52:28	Name: AnalyticsSyncHistory Value: AQLHxSbPy6n21gAAAYAFTv3hji79ggaOnoTEjt1-cGto5CGm9CliqZ6CVF2Bj-Us6nnjHudS1w_c0Ppe-eNl-w
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:41:10	Name: bcookie Value: "v=2&4703cbce-082a-45da-8158-fad7679e340b"
.linkedin.com/	1970-01-20 02:10:42	Name: lidc Value: "b=TGST06:s=T:r=T:a=T:p=T:g=2395:u=1:x=1:i=1649356504:t=1649442904:v=2:sig=AQH7IptUk5_AuRvzmXASHv3Dl2uj-Z7n"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:41:10	Name: bscookie Value: "v=1&2022040718350441088191-413b-441b-82f9-031a4ee31e82AQF2_eC6gFv7CDqGjMBULX0iitGfSIMg"
.linkedin.com/	1970-01-20 19:39:13	Name: li_gc Value: MTswOzE2NDkzNTY1MDQ7MjswMjH4s2pE2ln5/cYm5PN6SGkNxbsuhNXKlR0Fnf3nbOynAA==
.criticalstart.com/	1970-01-20 02:10:42	Name: _uetsid Value: 71554c80b6a111ecb63dd32d7a969c4c
.criticalstart.com/	1970-01-20 11:30:52	Name: _uetvid Value: 71556ef0b6a111ecb5c0c126a94d84ba
.criticalstart.com/	1970-01-20 19:40:28	Name: _mkto_trk Value: id:586-OQG-630&token:_mch-criticalstart.com-1649356504923-55871
.criticalstart.com/	1970-01-20 10:54:52	Name: _hjSessionUser_2527307 Value: eyJpZCI6ImY5NWI5MTljLTQ5YjctNTBiYi1hMWQyLTNiM2I0ZDExNGQxOCIsImNyZWF0ZWQiOjE2NDkzNTY1MDQ0NjUsImV4aXN0aW5nIjpmYWxzZX0=
.criticalstart.com/	1970-01-20 02:09:18	Name: _hjFirstSeen Value: 1
security.criticalstart.com/	1970-01-20 02:09:16	Name: _hjIncludedInSessionSample Value: 1
.criticalstart.com/	1970-01-20 02:09:18	Name: _hjSession_2527307 Value: eyJpZCI6IjU5ZDkyYmMyLWMzMWEtNDc1ZC04NjVkLTFkMmFjZjBhNzVjMiIsImNyZWF0ZWQiOjE2NDkzNTY1MDUwMDAsImluU2FtcGxlIjp0cnVlfQ==
security.criticalstart.com/	1970-01-20 02:09:16	Name: _hjIncludedInPageviewSample Value: 1
.criticalstart.com/	1970-01-20 02:09:18	Name: _hjAbsoluteSessionInProgress Value: 0
.criticalstart.com/	1970-01-20 06:28:28	Name: __hstc Value: 191102197.2afe05a316db7ad8bb26b04e233ffb6a.1649356505250.1649356505250.1649356505250.1
.criticalstart.com/	1970-01-20 06:28:28	Name: hubspotutk Value: 2afe05a316db7ad8bb26b04e233ffb6a
.criticalstart.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.criticalstart.com/	1970-01-20 02:09:18	Name: __hssc Value: 191102197.1.1649356505251
.hubspot.com/	1970-01-20 02:09:18	Name: __cf_bm Value: Nw3RhZtZDexCV_y3aaToOZf5Sc76PiamKvln2hUiLbk-1649356505-0-AdJR52PT2jl2mkvJe8Xrc9NHolJMhJHOauA6vvdShaYScqBDSt1h3cNRV/m+YCqpnuFSkhjbfjQXKO9akbhy35Q=

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-logo-official-color.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/CriticalStart-Logo-Black-ai1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-fb.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-twitter.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-li.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-youtube.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-insta.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew(Line 834) Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-logo-official-color.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew(Line 1270) Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/CriticalStart-Logo-Black-ai1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew(Line 1270) Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-fb.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew(Line 1270) Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-twitter.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew(Line 1270) Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-li.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew(Line 1270) Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-youtube.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew(Line 1270) Message: Mixed Content: The page at 'https://security.criticalstart.com/WBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html?mkt_tok=NTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew' was loaded over HTTPS, but requested an insecure element 'http://security.criticalstart.com/rs/586-OQG-630/images/cs-social-bw-insta.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o16zh&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=2aefc7c1-9682-4d0f-947e-8bd83a549f0e&tw_document_href=https%3A%2F%2Fsecurity.criticalstart.com%2FWBR-2022-4-MSFT-User-Based-Attacks_Registration-Page.html%3Fmkt_tok%3DNTg2LU9RRy02MzAAAAGDpDjQW5nUeuaEdPIKMFag43OFpyYRMWZFVJJjYyFEwYi03Y7lkJDG51Kj9W_sGa_-milMN-KNS4T00qgNVN9TI-Y-KE24aVqPN0Umew&tpx_cb=twttr.conversion.loadPixels Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11725758.fls.doubleclick.net
586-oqg-630.mktoresp.com
adservice.google.com
adservice.google.de
analytics.twitter.com
bat.bing.com
cdn.calltrk.com
connect.facebook.net
d10lpsik1i8c69.cloudfront.net
dummyimage.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
in.hotjar.com
insight.adsrvr.org
jnn-pa.googleapis.com
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
maxcdn.bootstrapcdn.com
mkto-sj200229.com
munchkin.marketo.net
pixel.sitescout.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
security.criticalstart.com
settings.luckyorange.net
snap.licdn.com
static.ads-twitter.com
static.doubleclick.net
static.hotjar.com
stats.g.doubleclick.net
t.co
templates.marketo.net
track.hubspot.com
up.pixel.ad
vars.hotjar.com
ws9.hotjar.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.youtube.com
104.111.234.67
104.17.70.206
104.17.74.206
104.244.42.195
104.244.42.197
104.26.10.16
108.138.17.88
108.157.4.53
13.107.42.14
142.250.181.226
142.250.185.230
143.204.101.136
151.101.12.157
178.79.242.181
18.66.3.117
192.28.147.68
2606:4700:3030::6815:4ee6
2606:4700::6811:47b0
2606:4700::6811:d4cc
2606:4700::6811:e8cc
2606:4700::6812:14bf
2606:4700::6812:bcf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::200a
2a00:1450:4001:803::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:828::2003
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:829::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2006
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c06::9d
2a02:26f0:3500:7::17d8:4dcd
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.33.220.150
52.209.39.13
52.222.236.122
52.6.108.254
54.78.65.25
66.155.71.149
00c8eb28301cf1a0c2ff74264a1b5c80e592fb25c15391b73516823156e06ec2
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1425228f124c17d9df4e8bc54e3ff8201c21ca463771dcdeda956614b5744c08
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
167a9600546116fbaf3196d1f265354a0ac7ca10cab6101abad1c4242befef75
1c534c2efd819a2ab9a54c91354e61fc0617f0c8b701f4882525f31758db9a38
1e3e6f99a7f05a7e1e02e018a038664ba1d5e39e730024de07951e5b6e2e5e1d
22482584aeaa7b1d74de072793246c65e38b402ac231f38bb0d9102802543230
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
25b33a7a853f39e447b14be3e6662ccbb0fbce73620bf7778d194cb3fef1d3ab
264bb2e466c8627fa4f92be5aad9b1ba5610175319eb92992505c4d5b194990e
29dbff6052571a900cf7dd68cfead4f7f992beda1f5faa0d2f535b44b437c17c
2ef6b24ec78bb3ac4bdfa91d2abf4d9f2d4b543ad54c411d50e4307fc8677110
30b6e85cb864024d05a4778952ea29bc0612dc2f73e68354ae9ac3375eab7132
3227c1f0bd7127f9b7fd63630f1868bd5c865be599bf536355d63222b353c197
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
34f6009e23bc9b5562767389039c54f6bdf4976b46af3f38b3676d43602c5d8e
366bb852817c89cb49c89f9a573b7851a37d9d046b526f3daf8c8c3f76c8a756
37217c0fb4c47ca98a1cccd7b96e29b09c1c7e9dabf2a2b37c4bfbd421093db9
38d008e16a1825032b196987b75c1de65de95b15d10dada537705e832de8bdd5
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fb8a441ee24ed58d25bd23708795d278727d98b5724eb665c43128614dfb3e6
405a14afba30a23f445d73700eda94eabb52d2ab3bf81d156901be8f61210baa
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4c81f96fc0003060718d96048ac2d72bbcf9ac4272c73876bdbd6b373046178a
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e3932e42957ba38915b760c33ece2c0acce6d41d3cd767025918149f1aac9cd
548b717c8bde2898b3267fee339072b8cecbabf0a78d2af04358fd7007dcf463
54b1a318711ed45da6f1a787a0b0f601199c8676b7d565a4163674833c64b0a0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
5f92dddc043ca7c228d6848ca537b97fab601aad0663aa2c144595810c888a84
6447e59227786bcda7ad58ef045540cba328e5ec0e5ddbd88b4f57122feaf926
6c349fbb2f88ef013c637ec5c673ad007667a78fd3c11c4256c9356a9e9887f0
6dc082d19bb80a5539b425584dfd2816439d89938dd495c9c9cab8cf4239b416
6fe492e4b5de167afde35c3771d71acdf29581faeda76cd51b58f35192dfb460
72d16005c1174b5d9dc0cc382d47fdf51bcbe92df30811a3468c531f02117138
752544b2b163da4740e8bada2a0d71e945c2ba4c95f3c85c198f838176fb5bb8
7ce02e0f563c14e7fd2d3249c13317e74fef66108f27096bf04a04552aa0c99c
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85284d8d7b6a78b177f560abc2f495c32bbe3bf74c6ee6e95c6a200acee3aa83
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
8ca24ab7851070d77c39c913b2fca110d3985cce2d5cb66159b53729009c3f4d
9151b7c0579bbb661e7aaa71e3090a0638472b5671b2e422dccca46fcd089969
924d56b948a5e7b6dbec58c81f4b620607ddbd7a5c7ea1243bd38a4b3246b2b0
947d6c755989ac2b8e761deb8f7c3d38c30f9e01ce86b4ce1c8f3a2e1d1e5221
95f2a2d9bf981b3f923cc601270603e88c14767e7e29310eb2d8b6b1407457f1
96ca7cf6e9ed963b2506a22f5fd5591a1e9f7aac3acf3b52d7dc83eec8f0ffcc
97f09496643c9756755ee20a7ced6bb3bdbf173122e238e1bdd2745f02dbddb2
9a158fe522ab04c091ffd4d359a75501530612950002921d8f515264fa7771f5
a053476056391580b7951c1a95fc3feb099065e25d589d7be36d8ad20d53af7c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3fa7f67051eaf973b5d540a983e99ded68aee41ebeda83a7c965fdc1162a28d
a555f9e6f0e134af68f2357d2e39f024e9dc304b7301d764152c4d31808d8123
a62d0b53c5b884944d9c0f4822c3db268342c7ae6733727565b627062da259c8
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b3c1069de3fb5149802265c54fa7b8b4eb914f2491762be09635dddb0ae73a86
b6a45d61605255e5b338ead5555402803d17ded58f7f0af029f8618e1b267c9c
bff02ad18694224154604dfd3ef68fcdaf2851809ee163f1f004c31c280b202a
c201615347b11756bf862062d0853346ffb726d8d10a7db7c04a1117c1528630
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
c7f64f0b138aca223bf8acd051ceb7cb7088b28d6604c39d534eecbcdd2bef62
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cdd990780e599b36cf461325d49dcc63c55e17e37d91c6d8db0173a764c79c19
ce01c41255d7e61cc44e865184559085737a98cf6911ef67f915692152b88852
cf6e2657ce919d37af18e24e1462f5fa32dae70a4e3cdb5b384e62b70717d53d
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d896655026aa3cd893cf1f255d8a3067b944c4d31cef820d268f8d15aeefdbfc
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f55bf77900524bccdacac1e619ef30c978078f6d303a142689bf6b726b9dff76
f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715
f8946c23d8ebf3f0dfed2646d99c54c27688aed362292edb30200e3deb8ebf42
fe82c97afe385688e2751e5c7ac9dcd5c6fd8044cd548903852fa702d4868f1d

security.criticalstart.com Open in urlscan Pro 104.17.70.206 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

106 Requests

98 %HTTPS

54 %IPv6

35 Domains

51 Subdomains

47 IPs

6 Countries

2307 kBTransfer

6376 kBSize

37 Cookies

9 Outgoing links

Page URL History

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

security.criticalstart.com Open in urlscan Pro
104.17.70.206 Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

98 %
HTTPS

54 %
IPv6

35
Domains

51
Subdomains

47
IPs

6
Countries

2307 kB
Transfer

6376 kB
Size

37
Cookies

106 HTTP transactions
0 data transactions