www.huntress.com Open in urlscan Pro
34.249.200.254 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Effective URL:
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Submission: On April 04 via manual (April 4th 2024, 10:43:18 pm UTC) from US — Scanned from DE

Summary HTTP 150 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 65 IPs in 5 countries across 49 domains to perform 150 HTTP transactions. The main IP is 34.249.200.254, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 296426.
TLS certificate: Issued by R3 on March 15th 2024. Valid for: 3 months.

This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	34.249.200.254 34.249.200.254	16509 (AMAZON-02) (AMAZON-02)
21	2600:9000:212... 2600:9000:2127:b600:12:9e5f:cac0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	142.250.186.68 142.250.186.68	15169 (GOOGLE) (GOOGLE)
13	95.101.111.184 95.101.111.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.111.224.162 34.111.224.162	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.65.91 151.101.65.91	54113 (FASTLY) (FASTLY)
5	104.16.89.20 104.16.89.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	140.82.121.3 140.82.121.3	36459 (GITHUB) (GITHUB)
1	18.244.20.221 18.244.20.221	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:89d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	76.76.21.93 76.76.21.93	16509 (AMAZON-02) (AMAZON-02)
4	76.76.21.22 76.76.21.22	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
1	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	185.199.109.154 185.199.109.154	54113 (FASTLY) (FASTLY)
8	2600:9000:235... 2600:9000:235a:ea00:11:3b84:d200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY)
1	162.159.153.247 162.159.153.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1 4	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:440... 2606:4700:4400::6812:2b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	3.76.146.81 3.76.146.81	16509 (AMAZON-02) (AMAZON-02)
1	65.9.95.45 65.9.95.45	16509 (AMAZON-02) (AMAZON-02)
1	65.9.95.100 65.9.95.100	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:212... 2600:9000:2127:2e00:9:d7d4:1380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.21.250.58 52.21.250.58	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:20:... 2606:4700:20::ac43:44da	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:50ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7d0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6bfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e3a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
2	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	172.217.18.14 172.217.18.14	15169 (GOOGLE) (GOOGLE)
2	35.83.8.35 35.83.8.35	16509 (AMAZON-02) (AMAZON-02)
1	13.32.27.19 13.32.27.19	16509 (AMAZON-02) (AMAZON-02)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::63 2620:1ec:46::63	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	34.159.227.151 34.159.227.151	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	3.230.6.246 3.230.6.246	14618 (AMAZON-AES) (AMAZON-AES)
2	104.17.207.249 104.17.207.249	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:480... 2a02:26f0:480:23::1726:62a3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.182.214.99 52.182.214.99	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
1	65.9.95.69 65.9.95.69	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	104.16.137.15 104.16.137.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
150	65

1 34.249.200.254 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

www.huntress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:9000:2127:b600:12:9e5f:cac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets-global.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 95.101.111.184 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-184.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.224.162 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 162.224.111.34.bc.googleusercontent.com

js.na.chilipiper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.91 (United States)

ASN54113 (FASTLY, US)

client-registry.mutinycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.89.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 140.82.121.3 (Frankfurt am Main, Germany)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-3-fra.github.com

gist.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.20.221 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-20-221.fra56.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89d1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.76.21.93 (Walnut, United States)

ASN16509 (AMAZON-02, US)

tools.refokus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.76.21.22 (Walnut, United States)

ASN16509 (AMAZON-02, US)

hubspotonwebflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.109.154 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-154.github.com

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:235a:ea00:11:3b84:d200:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.153.247 (None, )

ASN13335 (CLOUDFLARENET, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b1f (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.76.146.81 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-76-146-81.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-45.prg50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-100.prg50.r.cloudfront.net

cdn.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:2e00:9:d7d4:1380:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.21.250.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-250-58.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:44da (United States)

ASN13335 (CLOUDFLARENET, US)

huntresscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50ba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7d0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e3a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.14 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f14.1e100.net

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.83.8.35 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-83-8-35.us-west-2.compute.amazonaws.com

api-gw.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::63 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.159.227.151 (Frankfurt am Main, Germany)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 151.227.159.34.bc.googleusercontent.com

webhooks.fivetran.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.230.6.246 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-6-246.compute-1.amazonaws.com

api.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.207.249 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:23::1726:62a3 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.182.214.99 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

g.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.211.116 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-69.prg50.r.cloudfront.net

rc-widget-frame.js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.137.15 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	website-files.com assets-global.website-files.com — Cisco Umbrella Rank: 6404 assets.website-files.com — Cisco Umbrella Rank: 12236	1 MB
15	6sc.co j.6sc.co — Cisco Umbrella Rank: 5872 c.6sc.co — Cisco Umbrella Rank: 9222 ipv6.6sc.co — Cisco Umbrella Rank: 5999 b.6sc.co — Cisco Umbrella Rank: 3952	41 KB
8	github.com gist.github.com — Cisco Umbrella Rank: 47212	47 KB
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 744 g.clarity.ms — Cisco Umbrella Rank: 42996 c.clarity.ms — Cisco Umbrella Rank: 1368	28 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 320 www.linkedin.com — Cisco Umbrella Rank: 581 px4.ads.linkedin.com — Cisco Umbrella Rank: 6476	4 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2903	11 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 3274 google.com — Cisco Umbrella Rank: 1	1 KB
5	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 332	23 KB
4	metadata.io cdn.metadata.io — Cisco Umbrella Rank: 8728 api-gw.metadata.io — Cisco Umbrella Rank: 22743	4 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 329 c.bing.com — Cisco Umbrella Rank: 234	16 KB
4	hubspotonwebflow.com hubspotonwebflow.com — Cisco Umbrella Rank: 40567	26 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 7030	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2328	17 KB
3	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4384 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4304 track.hubspot.com — Cisco Umbrella Rank: 2436	27 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 25666 ibc-flow.techtarget.com — Cisco Umbrella Rank: 23023	2 KB
3	neverbounce.com cdn.neverbounce.com — Cisco Umbrella Rank: 61674 api.neverbounce.com — Cisco Umbrella Rank: 125133	30 KB
3	youtube.com www.youtube.com — Cisco Umbrella Rank: 71	69 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	289 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4737	2 KB
2	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4459 perf-na1.hsforms.com — Cisco Umbrella Rank: 4655	2 KB
2	fivetran.com webhooks.fivetran.com — Cisco Umbrella Rank: 119599	325 B
2	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1323	712 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4730 forms.hscollectedforms.net — Cisco Umbrella Rank: 4806	26 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 780 script.hotjar.com — Cisco Umbrella Rank: 1035	59 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	74 KB
2	quora.com a.quora.com — Cisco Umbrella Rank: 6165 q.quora.com — Cisco Umbrella Rank: 4397	15 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1210	10 KB
2	driftt.com js.driftt.com — Cisco Umbrella Rank: 5980 rc-widget-frame.js.driftt.com — Cisco Umbrella Rank: 105566	60 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 497	697 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 99	273 B
1	google.de www.google.de — Cisco Umbrella Rank: 7528	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 96	255 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 816	725 B
1	t.co t.co — Cisco Umbrella Rank: 663	376 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3287	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5217	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2311	22 KB
1	huntresscdn.com huntresscdn.com — Cisco Umbrella Rank: 6003	112 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 7771	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 787	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 811	17 KB
1	githubassets.com github.githubassets.com — Cisco Umbrella Rank: 9017	11 KB
1	gstatic.com www.gstatic.com	201 KB
1	refokus.com tools.refokus.com — Cisco Umbrella Rank: 51727	1 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2558	1 KB
1	cloudfront.net d3e54v103j8qbb.cloudfront.net	30 KB
1	mutinycdn.com client-registry.mutinycdn.com — Cisco Umbrella Rank: 18985	17 KB
1	chilipiper.com js.na.chilipiper.com — Cisco Umbrella Rank: 239680	25 KB
1	huntress.com www.huntress.com — Cisco Umbrella Rank: 296426	31 KB
150	49

	Domain	Requested by
21	assets-global.website-files.com	www.huntress.com
8	assets.website-files.com	assets-global.website-files.com
8	gist.github.com	www.huntress.com
7	b.6sc.co
6	tags.srv.stackadapt.com	www.huntress.com tags.srv.stackadapt.com
5	cdn.jsdelivr.net	www.huntress.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	hubspotonwebflow.com	www.huntress.com hubspotonwebflow.com
4	j.6sc.co	www.huntress.com j.6sc.co www.googletagmanager.com
3	js.zi-scripts.com	www.huntress.com js.zi-scripts.com
3	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.huntress.com
3	www.youtube.com	www.huntress.com www.googletagmanager.com www.youtube.com
3	www.googletagmanager.com	www.huntress.com www.googletagmanager.com
3	www.google.com	www.huntress.com www.gstatic.com
2	ws.zoominfo.com	js.zi-scripts.com
2	c.clarity.ms	1 redirects
2	g.clarity.ms	www.clarity.ms
2	ipv6.6sc.co	j.6sc.co
2	c.6sc.co	j.6sc.co
2	api.neverbounce.com	cdn.neverbounce.com
2	webhooks.fivetran.com	huntresscdn.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	ibc-flow.techtarget.com	trk.techtarget.com
2	api-gw.metadata.io	cdn.metadata.io
2	google.com	www.googletagmanager.com
2	alb.reddit.com	www.huntress.com
2	cdn.metadata.io	www.huntress.com
2	connect.facebook.net	www.huntress.com connect.facebook.net
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
1	c.bing.com	1 redirects
1	track.hubspot.com
1	rc-widget-frame.js.driftt.com	js.driftt.com
1	secure.adnxs.com	j.6sc.co
1	perf-na1.hsforms.com	www.huntress.com
1	forms.hsforms.com	www.huntress.com
1	www.facebook.com	www.huntress.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	www.huntress.com
1	www.linkedin.com	1 redirects
1	www.google.de	www.huntress.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	analytics.twitter.com	www.huntress.com
1	t.co	www.huntress.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	huntresscdn.com	www.huntress.com
1	q.quora.com	www.huntress.com
1	trk.techtarget.com	www.huntress.com
1	cdn.neverbounce.com	www.googletagmanager.com
1	static.hotjar.com	www.huntress.com
1	tracking.g2crowd.com	www.huntress.com
1	static.ads-twitter.com	www.googletagmanager.com
1	a.quora.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	github.githubassets.com	gist.github.com
1	js.driftt.com	www.huntress.com
1	www.gstatic.com	www.google.com
1	tools.refokus.com	www.huntress.com
1	js.hs-scripts.com	www.huntress.com
1	d3e54v103j8qbb.cloudfront.net	www.huntress.com
1	client-registry.mutinycdn.com	www.huntress.com
1	js.na.chilipiper.com	www.huntress.com
1	www.huntress.com
150	70

This site contains links to these domains. Also see Links.

Domain
huntress.io
support.huntress.io
assets-global.website-files.com
www.facebook.com
twitter.com
www.linkedin.com
www.reddit.com
www.connectwise.com
gist.github.com
github.com
learn.microsoft.com

Subject Issuer	Validity	Valid
www.huntress.com R3	`2024-03-15` - `2024-06-13`	3 months	crt.sh
*.website-files.com Amazon RSA 2048 M03	`2023-09-11` - `2024-10-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
6sc.co R3	`2024-01-29` - `2024-04-28`	3 months	crt.sh
chilipiper.com GoGetSSL RSA DV CA	`2024-02-05` - `2025-03-07`	a year	crt.sh
client-registry.mutinycdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-06` - `2025-04-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.github.com Sectigo ECC Domain Validation Secure Server CA	`2024-03-07` - `2025-03-07`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
hs-scripts.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
tools.refokus.com R3	`2024-02-20` - `2024-05-20`	3 months	crt.sh
*.hubspotonwebflow.com R3	`2024-03-15` - `2024-06-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
*.githubassets.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-28` - `2024-09-27`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2024-07-06`	6 months	crt.sh
quora.com R3	`2024-02-18` - `2024-05-18`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2024-04-04` - `2024-06-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-01-13` - `2024-04-12`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
neverbounce.com Amazon RSA 2048 M03	`2024-01-29` - `2025-02-25`	a year	crt.sh
*.metadata.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-29` - `2025-01-28`	a year	crt.sh
*.quora.com R3	`2024-03-10` - `2024-06-08`	3 months	crt.sh
huntresscdn.com Cloudflare Inc ECC CA-3	`2023-05-10` - `2024-05-09`	a year	crt.sh
hscollectedforms.net E1	`2024-03-29` - `2024-06-27`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2024-03-10` - `2024-06-08`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
webhooks.fivetran.com R3	`2024-03-28` - `2024-06-26`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.drift.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-03-29` - `2024-06-27`	3 months	crt.sh
zoominfo.com E1	`2024-03-22` - `2024-06-20`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Frame ID: 597CD2FB34EFD2ADCBF3DA59B0899D01
Requests: 140 HTTP requests in this frame

Frame: https://www.youtube.com/embed/AWGoGO5jnvY?si=QVZ66js3CVQEZlVY
Frame ID: 560BCB1C87E694B076CB5DC33851DC6A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&cb=hh28byczbzn6
Frame ID: 3A3B9D248D5C233087DBF304B023D85D
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC
Frame ID: 92B3CBC7584649F0BCC6E38D802BDBE6
Requests: 1 HTTP requests in this frame

Frame: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=7b843438-e3e6-4212-9f71-892f7665b651&sessionStarted=1712270594.414&campaignRefreshToken=3ee99459-e1a1-4620-b2e3-86f74ae99f5d&pageLoadStartTime=1712270592754&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Frame ID: CEC574EC50A0756C6DEC11FAAD9AD966
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 | Huntress Blog

Page URL History Show full URLs

http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authenticatio... HTTP 307
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authenticatio... Page URL

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

150
Requests

98 %
HTTPS

44 %
IPv6

49
Domains

70
Subdomains

65
IPs

5
Countries

2949 kB
Transfer

7339 kB
Size

65
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://huntress.io/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.huntress.io/hc/en-us
Title: Support Documentation

Search URL Search Domain Scan URL

URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/6598317ed13aaee7ad5b2b9b_CascadeTechnologies-CaseStudy.pdf

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Title: security advisory

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964/raw/b5a20fc9f6755de41955d529f85f39d11e77fb6d/gistfile1.txt
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964#file-gistfile1-txt
Title: gistfile1.txt

Search URL Search Domain Scan URL

URL: https://github.com/
Title: GitHub

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8/raw/2f12bda8ae4e324be4451ed2c04d3a23b52b4c62/SetupWizard.aspx.diff
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8#file-setupwizard-aspx-diff
Title: SetupWizard.aspx.diff

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/dotnet/api/system.web.httprequest.path?view=netframework-4.8.1
Title: MSDN documentation

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/ca3824104f47498768a5ccee49af95b3/raw/9e7333b7945ca8b5b5298c80cf72e04bef4ed69d/ScreenConnect.Core.dll.cs.diff
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/ca3824104f47498768a5ccee49af95b3#file-screenconnect-core-dll-cs-diff
Title: ScreenConnect.Core.dll.cs.diff

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/16b19436045484ccf2aad539f31271ea/raw/9fee111c21c06f99b0896cdb5d8be1d36455265b/ScreenConnect.Server.dll.cs.diff
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/16b19436045484ccf2aad539f31271ea#file-screenconnect-server-dll-cs-diff
Title: ScreenConnect.Server.dll.cs.diff

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4663
Title: Windows Event ID 4663

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/65cee24bc949be53e6744a84e78b7239/raw/50a4cb25e8d25b94b79a79f4bcaa807274ed506a/SetupWizard_sigma_rule.yml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/65cee24bc949be53e6744a84e78b7239#file-setupwizard_sigma_rule-yml
Title: SetupWizard_sigma_rule.yml

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/4bffa96fe54aa6c1cb35509e9d7ad0b1/raw/20ed93cac337bbb9cb085161e8bc36ed02d2b669/ScreenConnect_modification_sigma_rule.yml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/4bffa96fe54aa6c1cb35509e9d7ad0b1#file-screenconnect_modification_sigma_rule-yml
Title: ScreenConnect_modification_sigma_rule.yml

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/e07caff1b2d4526b7fabbecd63784258/raw/bebf1b7546a1b785990563fd424e076cccdc1360/SetupWizard_IIS_log.yara
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/e07caff1b2d4526b7fabbecd63784258#file-setupwizard_iis_log-yara
Title: SetupWizard_IIS_log.yara

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/d6b7b067b300770636a585e1b42eddc7/raw/5c08f7ed85d99e1a20206500c353c681e29ffcbd/App_Extensions_sigma_rule.yml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/d6b7b067b300770636a585e1b42eddc7#file-app_extensions_sigma_rule-yml
Title: App_Extensions_sigma_rule.yml

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass HTTP 307
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1712270593518%26li_adsId%3D94264338-27be-4e98-9e53-9c770e2b034d%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fblog%252Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true&e_ipv6=AQL-ZCp8PuHRCQAAAY6rR9AxvDpZHvLCBHg0tr_81gGWzvbXsvpnUA4ZVk914_Jw

Request Chain 135

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=410DE0050032459CA43A65338FBBBA60&RedC=c.clarity.ms&MXFR=3328A43C888D635F0701B06B8C8D6DB3 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=410DE0050032459CA43A65338FBBBA60&MUID=0E93E2F978B863AD2278F6AE79146241

150 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Show response
www.huntress.com/blog/
Redirect Chain

http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

128 KB
31 KB

194ms
60ms

Document
text/html

34.249.200.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.249.200.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7e6099f8d59d29c1446e0d06b18e6213da825582d128799560094a5ecdfae5a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3963
content-encoding: gzip
content-length: 31045
content-security-policy: frame-ancestors 'self'
content-type: text/html
date: Thu, 04 Apr 2024 22:43:12 GMT
referrer-policy: origin
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: MISS, HIT
x-cache-hits: 0, 3
x-cluster-name: eu-west-1-prod-hosting-red
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-lambda-id: d2065e3a-b2a6-43a5-9e3e-8672cad7a8fb
x-served-by: cache-iad-kcgs7200177-IAD, cache-dub4326-DUB
x-timer: S1712270593.708586,VS0,VE0
x-xss-protection: 1; mode=block

Redirect headers

Location: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 huntress-new.4fa7a55b5.min.css
assets-global.website-files.com/6579dd0b5f9a54376d296915/css/ 348 KB
57 KB 76ms
19ms Stylesheet
text/css 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f17723e05ced08cbee817fc6c8327965f4fcd1f32aea681868acc75218330462

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: mTUio.8pA_d2FE7h0xC_KHc4n4mW9bao
content-encoding: gzip
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 22:41:56 GMT
age: 6432
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 58223
last-modified: Wed, 03 Apr 2024 21:22:45 GMT
server: AmazonS3
etag: "34bd9d5b7a239b21730e7cd3eb2119b4"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: qq52d5IBfnwnN9cYYYAsOthYsI_pp4ZKYgmiDt7kSMa2ynOVtRn04Q==

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
856 B 35ms
16ms Script
text/javascript 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

3a6418816eed3b450709ad2c7509c5726da45f1b0a82184992fc447d6c961b9c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 22:43:12 GMT

GET
H2 200 8769192b-20ba-4df2-8d62-2740a805c3e8.js Show response
j.6sc.co/j/ 1002 B
911 B 459ms
400ms Script
application/javascript 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-184.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 215162d385055d4248ce3810f5294fb0e1a857b2b18997d00805ca98f480fc79

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: UrRvP5epIIYMFKpHnUIiG3eAjq1aSOQ0
content-encoding: gzip
date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 511
pragma: no-cache
last-modified: Mon, 04 Dec 2023 23:24:23 GMT
server: AmazonS3
etag: "c6115ff14d497b0e4a2d9c497d7ad5d9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: ZIU4A9LLMmV2LBc86kHo0pr6RTbaJNMA49TVrnLTqHCz15fmDfakmA==
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 marketing.js Show response
js.na.chilipiper.com/ 73 KB
25 KB 162ms
123ms Script
application/javascript 34.111.224.162
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://js.na.chilipiper.com/marketing.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.224.162 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

162.224.111.34.bc.googleusercontent.com

Software

Resource Hash

02c65a6d1cdc752f31b0be2157d9c6f65e72c7f3e781eea941bd848caf8a332e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: data: wss://.chilipiper.com wss://.chilipiper.io wss://.chilipiper.cool wss://.chilipiper.team https://.chilipiper.com https://.chilipiper.io https://.chilipiper.cool https://.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://.rollout.io https://.facebook.com https://.marketo.com https://.mixpanel.com https://.hubspot.com https://.pardot.com https://.getdrip.com https://.google.com https://.googleapis.com https://.hsforms.net https://.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://.intercom.io https://.mutinycdn.com https://.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.bugsnag.com https://zoom.us https://.gotomeeting.com https://.rollout.io https://.codox.io https://cdn.tiny.cloud https://js.stripe.com https://.zdassets.com https://.zendesk.com https://.zopim.com wss://chilipiper.zendesk.com wss://.zopim.com https://.googleusercontent.com https://.facebook.net https://.doubleclick.net https://.licdn.com https://.googleadservices.com https://.digitaloceanspaces.com https://.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://.lr-in-prod.com https://polyfill.io https://.planhat.com https://.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src data: blob: 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' blob: data: wss://.chilipiper.com wss://.chilipiper.io wss://.chilipiper.cool wss://.chilipiper.team https://.chilipiper.com https://.chilipiper.io https://.chilipiper.cool https://.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://.rollout.io https://.facebook.com https://.marketo.com https://.mixpanel.com https://.hubspot.com https://.pardot.com https://.getdrip.com https://.google.com https://.googleapis.com https://.hsforms.net https://.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://.intercom.io https://.mutinycdn.com https://.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.bugsnag.com https://zoom.us https://.gotomeeting.com https://.rollout.io https://.codox.io https://cdn.tiny.cloud https://js.stripe.com https://.zdassets.com https://.zendesk.com https://.zopim.com wss://chilipiper.zendesk.com wss://.zopim.com https://.googleusercontent.com https://.facebook.net https://.doubleclick.net https://.licdn.com https://.googleadservices.com https://.digitaloceanspaces.com https://.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://.lr-in-prod.com https://polyfill.io https://.planhat.com https://.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src data: blob: 'unsafe-inline';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
via: 1.1 google
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
content-security-policy: default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22403
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Mon, 19 Feb 2024 02:04:51 GMT
etag: W/"65d2b743-122e0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=60, must-revalidate
x-cache-hit: revalidated
x-content-security-policy: default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';

GET
H2 200 c9c27905c1e445d6.js Show response
client-registry.mutinycdn.com/personalize/client/ 52 KB
17 KB 49ms
8ms Script
application/javascript 151.101.65.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://client-registry.mutinycdn.com/personalize/client/c9c27905c1e445d6.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 037a17512985e112e6b64b0534e3953dfca28420d2cab55f7771a7dd22a79918

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: rm7CCdEnzkQDMM8OaKvaUoqsUvl3R5ky
x-continent-code: EU
content-encoding: gzip
date: Thu, 04 Apr 2024 22:43:12 GMT
via: 1.1 varnish
x-edge-region: EU-East
x-amz-request-id: 5JCERJWB0V4JQEPE
age: 2905
x-amz-server-side-encryption: AES256
x-cache: HIT
x-edge-datacenter: FRA
content-length: 16796
x-amz-id-2: Gtzudxb0tFv1US/x3H/SzoHCy3F3GyV1gjRCXH0j/BsQ/cE0luY63ifYvXu8fU3z0BAC9HWF6wQ=
x-served-by: cache-fra-etou8220072-FRA
x-connection-speed: broadband
last-modified: Thu, 04 Apr 2024 18:45:37 GMT
server: AmazonS3
etag: "69ed807655696293abd69dd989387f9c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=3600, max-age=0
vary: X-Continent-Code, Accept-Encoding
accept-ranges: bytes
x-country-code: DE
x-cache-hits: 1

GET
H3 200 slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 2 KB
1 KB 27ms
15ms Stylesheet
text/css 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1926618
x-jsd-version: 1.8.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220022-FRA, cache-lga21974-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zlC8ueQH2NlUieiCr%2BrmZdYSPiLiQ%2BFKCVLXHGRgjvYgJAaVASNh%2B%2BgWv7HoWjz5OMSmhkyWMF7uWs%2FabC4L2VONil%2FjZGzSMd69eiwCGIKVTNBPfg%2BX341hU0aufLcsTTU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86f4d0e4c99d4dcd-FRA

GET
H3 200 index.umd.min.js Show response
cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/ 5 KB
3 KB 28ms
17ms Script
application/javascript 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66110db15bc55fa902401f14c8f25083dd0f7cfde33de392631a20f77312d017

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 38086
x-jsd-version: 3.23.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2045
x-served-by: cache-fra-etou8220149-FRA, cache-lga21943-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"1257-XGh/u0oT7hTbaQXf16hjV3fN0OU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55AX1gt2PynwXuRxjFYwskXr%2Fu%2BJl7%2B1c4%2Fkw2i4UTl9KmVOHGuXXJHqOgG4wldkRjPvEhu0gM80GIg4W4%2F4LYgvnjaLjBMEx6ARFH5r5yGebn8u2OO%2BBMj0S0fmVgNSjYk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86f4d0e4c99c4dcd-FRA

GET
H3 200 richtext.js Show response
cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/ 8 KB
4 KB 21ms
17ms Script
application/javascript 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16935
x-jsd-version: 1.10.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220054-FRA, cache-lga21953-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"2147-I41v+oq443LPQB6aPqMil27q9QY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zKs3jgm%2FvIJAlvpAJwrr3J6tIV%2FALiA%2BsKYETS21A%2FR%2FczRSZUMsX8mCTgJ2eSuIb%2F9%2B1x%2BnTHpHDhOxnVrFo3S5uQ%2B5TTMNX%2B%2BesrX9Ncly6GixWD9NoHjICLWOZTe9%2Bno%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 86f4d0e7abf84dcd-FRA

GET
H2 200 65f75020c99f25928927347f_banner-blue-halo.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 23 KB
23 KB 67ms
11ms Image
image/webp 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 889e4055351e629718cc9647a7f696cb4fb1e246bcf29bd25e2f8ce5105c27b5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 17 Mar 2024 21:08:05 GMT
x-amz-version-id: VQxidV2D7M0v1MjkNARxPZzB4FkcrZg4
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 1560908
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 23574
last-modified: Sun, 17 Mar 2024 20:18:41 GMT
server: AmazonS3
etag: "cd3521a7574865352fcc31cd4d968864"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: sJLzUnn1r1RVwUHwfPo29hloJfia5aXul9C57Hjlhmx2U1LTzZwoUg==

GET
H2 200 655d92689c415e9fefcf2400_Hero-grapic-right-02.png
assets-global.website-files.com/655d92689c415e9fefcf2368/ 5 KB
5 KB 68ms
13ms Image
image/png 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a1e79865576e220b93dfe34d011286a8335ee8ac4eb6450300fb45a4f15a600e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 05:44:52 GMT
x-amz-version-id: ds4He9jpqLhVudpNkauPNw12aaYIjxRr
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 8355500
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 5002
last-modified: Wed, 22 Nov 2023 05:32:26 GMT
server: AmazonS3
etag: "d360d7cfb07b3fdc3fbc56204caa4c06"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: G86aADYQxo6OBIF02oG5eC7iOnXBOtLw4YmpaOunQbyHa36gEEV3OA==

GET
H2 200 6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 7 KB
7 KB 10ms
10ms Image
image/webp 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f3642cd8faa981a6b7f71cb0bd88a222ed7c92510100761c38f4bfd689853f2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: .9LTfep43eO88TqIHc3WnYAIb3vaJe3A
date: Thu, 04 Apr 2024 02:59:15 GMT
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 71038
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 6778
last-modified: Thu, 21 Dec 2023 07:39:51 GMT
server: AmazonS3
etag: "2deea30793899f56a236f1ba505155ab"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: _oFOEnfF0C28XKqWxj_xDb8uWKN-99mfzMS-go3vYLoXI9UkQvSEyA==

GET
H2 200 6579dd0b5f9a54376d296a5b_facebook.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 368 B
828 B 10ms
10ms Image
image/svg+xml 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f2314da0b26cc727445f74c19d54f2f75944ea1a610497231ba6a5d9e541acf0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 18:39:42 GMT
x-amz-version-id: RZplueeOMT9I2ezQMMUJ8cw13HoQeV5p
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 8481811
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 368
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "b92a7c9703a268bda64464e9f8c245fd"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: -tv8RTxRekOPSZ0TwpNMYMBnbWwvlnJtNljNhgmk_dXcvkqJWvptHQ==

GET
H2 200 6579dd0b5f9a54376d296a6f_twitter.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 351 B
810 B 10ms
9ms Image
image/svg+xml 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 553797b86e5516ebb3b4a6ffc794d7d9eca1fc1f3ca8ab0703e5eff9934e29c8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 19:08:05 GMT
x-amz-version-id: qTS56BoR0gVqfX6mJuOtV4Wu10z6D4RY
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 8480108
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 351
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "e0a4b7f37d6875804665234ecff1cb23"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: qNA6qmdiP2WlNyH7ge6RNrn6QGEvLNtLKjfrQQi19dQ7Ty-_xEGXmQ==

GET
H2 200 6579dd0b5f9a54376d296a70_linkedin.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 675 B
1 KB 29ms
25ms Image
image/svg+xml 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f0f089b8d2746c56340171bba62f027d4d2dc0f520588d9480432693381e14a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 14:16:16 GMT
x-amz-version-id: mMxIOUbXDP4hW6NdJCWI58VrmvAg.At1
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 8324818
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 675
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "67b0ebebe9b8817edbfa41bdfd2e8c6e"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: TOybo3SMyDR6mkqTgLEDK-5izgBOPENQGUd5qiXW4GwHnXtKJiMGLA==

GET
H2 200 6579dd0b5f9a54376d296a5a_download.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 820 B
1 KB 30ms
26ms Image
image/svg+xml 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 350cf9ff67297ce9f79b1a35fb7205326d21f149ab404f81ec875968f0b7d083

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 14:16:16 GMT
x-amz-version-id: 5Ss_XSS0A3iWbPuuBVg7J8jICwbGfHO4
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 8324818
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 820
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "8d8c0614e1e224001d7c6dec535490b1"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: G4kN8sEg9Cz8KAdA-PtR-gYv4WgazNnFGh5_AVkIg2Hmwe5lK9g6CA==

GET
H2 200 6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 2 KB
2 KB 31ms
27ms Image
image/webp 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1402811141d6cf6956918acd3398468bd385081a50b90a5d251fe7a3312c0801

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: X1oARd.5yRkM1108eqnTnHXez5VJo2XZ
date: Thu, 04 Apr 2024 02:26:17 GMT
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 73017
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1996
last-modified: Thu, 21 Dec 2023 07:39:50 GMT
server: AmazonS3
etag: "8a941746cf0b15b4b601f10dac732f1c"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: Jyc6KtPSV12RHLmsqLc1xnA1of-LcDKb2OVhbZL1UYWjF9bQBpwqsg==

GET
H2 200 fac42eefb1bb137d1d8b5707d67d6964.js Show response
gist.github.com/JohnHammond/ 13 KB
6 KB 200ms
150ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

bbfae0a3b7da32ea92fc730b3a357f2aa5b39b596f4711a8c02ed2d901d12fb7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:12 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1898
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A2C0:15903B2A:660F2D00
etag: W/"bbfae0a3b7da32ea92fc730b3a357f2a"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 a1bf6c78769ea253e43326ca23d3c2b8.js Show response
gist.github.com/JohnHammond/ 7 KB
6 KB 158ms
120ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

a161369b576860ce9654480562ba1ddeafe81f9ad5ee8f7db2fb00f4892a4b8f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:12 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1644
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A2BF:15903B29:660F2D00
etag: W/"a161369b576860ce9654480562ba1dde"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 65d558784370931755195cac_VOF-6GVi8aXEkUnXg6QMpJKg-y8tK8X8wOzr8vpiZr_zsnrQ1-UW6sUxmPiI-pnhlH9p0AaCEsGVqrqIPEEjzdtn1RgshZH8XoaYV118B5SJaZlF4D_KSNMJszRFzGhxjQnjBtSdwnhn786MYYrs8PI.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 431 KB
432 KB 43ms
40ms Image
image/png 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d558784370931755195cac_VOF-6GVi8aXEkUnXg6QMpJKg-y8tK8X8wOzr8vpiZr_zsnrQ1-UW6sUxmPiI-pnhlH9p0AaCEsGVqrqIPEEjzdtn1RgshZH8XoaYV118B5SJaZlF4D_KSNMJszRFzGhxjQnjBtSdwnhn786MYYrs8PI.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6de8eff2f2f46b4d3e24716caa22af17db498dfbbc0ae5e984d7ea8b098f7d8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:41:57 GMT
x-amz-version-id: v71bzVi68kUfwlP2si3pxThQxfSbrhOh
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 76
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 441368
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "8cf7ad894b14452a1f39733cbcb60e63"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: K04iJ6kTVmurrpcIP630le8DAy5mnbHS_xxtXm6KE84MIUpNd6AMDg==

GET
H2 200 65d5587895aab08ada261523_5o-p55Z5UH6spdxDIaiuiwTL9pVNZXaiwYCUp_mSsxn5z2xDpK5Gw_o-o3ftPbQ7VWbSHYopNTqSimVy3lDSLfLGwHVzAfoGW9N1HJWh2dZFb5cpxoqI6tiihUgtb81vYtMTJUT6-f3byU3q8g8krbU.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 51 KB
51 KB 32ms
29ms Image
image/png 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d5587895aab08ada261523_5o-p55Z5UH6spdxDIaiuiwTL9pVNZXaiwYCUp_mSsxn5z2xDpK5Gw_o-o3ftPbQ7VWbSHYopNTqSimVy3lDSLfLGwHVzAfoGW9N1HJWh2dZFb5cpxoqI6tiihUgtb81vYtMTJUT6-f3byU3q8g8krbU.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e938e5b4fe364bd2d00ec08067f98aa54b1398df28287257b8434012ff20033

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 6jQ5D_RGwWcrzEAPJSWxDsiDOzmQIgzE
date: Thu, 04 Apr 2024 12:43:53 GMT
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 35960
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 51779
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "b3334d2b33ad117de65ee35d5c959a07"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: B6toQL_dzY-M_mcgktBaJm2lXLbl8HfDX0BIXSw6jrWoBrS3XnzpkQ==

GET
H2 200 65d55879cb2af12170f04f97_Es0JkQJKuG-5DjiEiOOfDGEQKAHS8dBwPDRCXqlN72QDQ733637nICPRUkYkJ6TA3JyCaZFTEw5a6dezq4jWGGXwyhFfOG4mpm40MNYMWR7rH-OXO8tepHjgTJbWCQUwRWt0TQ79MJbSTcioXS5mWkQ.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 257 KB
258 KB 45ms
42ms Image
image/png 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d55879cb2af12170f04f97_Es0JkQJKuG-5DjiEiOOfDGEQKAHS8dBwPDRCXqlN72QDQ733637nICPRUkYkJ6TA3JyCaZFTEw5a6dezq4jWGGXwyhFfOG4mpm40MNYMWR7rH-OXO8tepHjgTJbWCQUwRWt0TQ79MJbSTcioXS5mWkQ.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 67786077050307fcffb9795d3f5fd2a2e5d3956e692181609fee98693604d321

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:41:57 GMT
x-amz-version-id: mm_tv6ya.xbyiKsK3wBuhJlKMytTlvWx
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 76
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 262979
last-modified: Wed, 21 Feb 2024 01:57:15 GMT
server: AmazonS3
etag: "fe66f6692ba22e7b01168f78fdbe06ca"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 34QX7JSLJhI1Ly5e-puemmXztNIGJj37i0_QmN69JimBDA0GBf5kDg==

GET
H2 200 65d5587816961aa1bccf46e7_bCQT10Rn49nJ0hfB4GAkkb3XEvxwdyo-gxNYZzVtE5K9v1nQmjWbCW6OHPdS9wTnTRGJ0KpH_LH0d1YY_Ignr_zFKfRs9BqM1SpJfeox48WDpKIdDgOhJ6d_n947AQK1p4PqR0fxL7-LawYoIVNYcys.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 129 KB
129 KB 35ms
32ms Image
image/png 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d5587816961aa1bccf46e7_bCQT10Rn49nJ0hfB4GAkkb3XEvxwdyo-gxNYZzVtE5K9v1nQmjWbCW6OHPdS9wTnTRGJ0KpH_LH0d1YY_Ignr_zFKfRs9BqM1SpJfeox48WDpKIdDgOhJ6d_n947AQK1p4PqR0fxL7-LawYoIVNYcys.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b9662a50703853ca2a318262d930668b8ae42333c6b413a424d0296212c40865

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: HLK6RtJwr1ieEvG8Jkdr7dxZo2M8q5xZ
date: Thu, 04 Apr 2024 06:49:53 GMT
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 57201
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 131679
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "0924c3aca52f1ea982d08401916c51af"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: _6RKdA6ugU1NhUuRYMM-1SeINLIcF9yZKVFwW22J_wyzu7yBx0zZcg==

GET
H2 200 ca3824104f47498768a5ccee49af95b3.js Show response
gist.github.com/JohnHammond/ 7 KB
5 KB 145ms
144ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/ca3824104f47498768a5ccee49af95b3.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

56ca8f0d6314136eeb319281448c5f652abea4df2061d2c42752380d76b742dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1585
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A357:15903BC9:660F2D01
etag: W/"56ca8f0d6314136eeb319281448c5f65"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 16b19436045484ccf2aad539f31271ea.js Show response
gist.github.com/JohnHammond/ 6 KB
5 KB 157ms
157ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/16b19436045484ccf2aad539f31271ea.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

aa067c3f9d762c4b27d7593b347b627735508a13e79d5ff35cf109b5f297dedf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1520
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A374:15903BEC:660F2D01
etag: W/"aa067c3f9d762c4b27d7593b347b6277"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 65d55878e0bce79d5469d328_3UiSOzyngYMkZ2TqaT488ZZgGjEPTdpHFOHkPvUScU7z6Jt6uD9hGkaoWVJ8fI1IIO0FNuU_UaNbwPZ6Um9h1WGtQhkSWMxcosQz0KFHj3JgrbVAQ7sIzu8kQ-DuLMcQIS-Cj1aTMKfDCygOuW_R_rk.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 126 KB
126 KB 37ms
34ms Image
image/png 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d55878e0bce79d5469d328_3UiSOzyngYMkZ2TqaT488ZZgGjEPTdpHFOHkPvUScU7z6Jt6uD9hGkaoWVJ8fI1IIO0FNuU_UaNbwPZ6Um9h1WGtQhkSWMxcosQz0KFHj3JgrbVAQ7sIzu8kQ-DuLMcQIS-Cj1aTMKfDCygOuW_R_rk.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a447d3663b55765c353cd2d4067634356183f5589b5af36e703e452926669f0e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 76ZcbiQupQpThW9hu3TeyeQensofWkN9
date: Thu, 04 Apr 2024 12:43:53 GMT
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 35960
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 128530
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "9f1e03c5de811d7a19dba9af2be6fab3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: RosXh6cpzwV_ncWc8CpS_RA4-C7LiqSWeV1_GIWjeu7tii1nJzQGgg==

GET
H2 200 65cee24bc949be53e6744a84e78b7239.js Show response
gist.github.com/JohnHammond/ 12 KB
6 KB 126ms
126ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/65cee24bc949be53e6744a84e78b7239.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

60ba63f369e9131ebda235cb154f2204acf3f5cb6de3dcf289d933ad5eebf778

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 2164
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A404:15903C7A:660F2D01
etag: W/"60ba63f369e9131ebda235cb154f2204"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 4bffa96fe54aa6c1cb35509e9d7ad0b1.js Show response
gist.github.com/JohnHammond/ 16 KB
6 KB 139ms
139ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/4bffa96fe54aa6c1cb35509e9d7ad0b1.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

031ac081c388503c078347630e6db5e0590befc22f345050a050f9b0a79d5083

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 2531
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A430:15903CA7:660F2D01
etag: W/"031ac081c388503c078347630e6db5e0"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 e07caff1b2d4526b7fabbecd63784258.js Show response
gist.github.com/JohnHammond/ 10 KB
6 KB 156ms
151ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/e07caff1b2d4526b7fabbecd63784258.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

a03c63b7757de92a9b204e6c7809d61430bb1b1c363c4ae37b1ec7cad3e93c79

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1974
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A44F:15903CD0:660F2D01
etag: W/"a03c63b7757de92a9b204e6c7809d614"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 d6b7b067b300770636a585e1b42eddc7.js Show response
gist.github.com/JohnHammond/ 17 KB
6 KB 153ms
148ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/d6b7b067b300770636a585e1b42eddc7.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

2791bb4bda1252e862eef1143ff121bc0825a112166291e2c760cba8c7575e40

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 2606
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: 9DDA:3E340E:1558A450:15903CD1:660F2D01
etag: W/"2791bb4bda1252e862eef1143ff121bc"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
30 KB 47ms
8ms Script
application/javascript 18.244.20.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.20.221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-20-221.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 05:40:31 GMT
content-encoding: br
via: 1.1 b2d59a81483e9c35443be57826cea9fa.cloudfront.net (CloudFront)
age: 61362
x-amz-cf-pop: FRA56-P11
x-cache: Hit from cloudfront
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: _n_u_LWm7XhrgvRashzWeDkByi97njaSAFCS39hGgg5ZtNPlVhZOzg==

GET
H2 200 huntress-new.30e353aba.js Show response
assets-global.website-files.com/6579dd0b5f9a54376d296915/js/ 1 MB
208 KB 19ms
14ms Script
text/javascript 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/js/huntress-new.30e353aba.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 74eeb7d68caa91529c2eb3d822c13adee8d1fd247b0f3b082d84d6da51825919

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: xdlMF86fOjzNTncpZLhYJBWWkyacG9qB
content-encoding: gzip
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 22:41:56 GMT
age: 6432
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 212530
last-modified: Wed, 03 Apr 2024 21:22:45 GMT
server: AmazonS3
etag: "c98b78bdc3631d0794fe1ec8b15b4784"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: PP1axZbKVs2-kGqkR5880kKcOmA57lJ6DLQHqOw_qeAgj4v0XEHPzw==

GET
H2 200 3911692.js Show response
js.hs-scripts.com/ 3 KB
1 KB 51ms
20ms Script
application/javascript 2606:4700::6810:89d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/3911692.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:89d1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5845152cca6b5fb9a206b732d72463eadd2605e0ade7421134cc6fcb59d1a36a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: f64853b4-25c6-4482-88b2-0d1ca648430a
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=3008
age: 77
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f64853b4-25c6-4482-88b2-0d1ca648430a
cf-bgj: minify
last-modified: Thu, 04 Apr 2024 22:41:56 GMT
server: cloudflare
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-697677dfc-2h7n9
x-evy-trace-virtual-host: all
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 86f4d0e7cdc8363b-FRA
expires: Thu, 04 Apr 2024 22:44:43 GMT

GET
H3 200 slick.min.js Show response
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 42 KB
11 KB 22ms
20ms Script
application/javascript 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1006236
x-jsd-version: 1.8.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230096-FRA, cache-lga21927-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZkQ86v0eXmFVTFI7QoQ9RoKh08otvp%2B30hNgR6O8J1MCMtRAOQDF18DTPsdSNd91b7ol1SUqkpFJsMtiA7h0BMHiu6KGLwIxDTTDP7x6qzUaZf%2BsDnN7gyIOKbOhU5a6Q8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86f4d0e7abfa4dcd-FRA

GET
H2 200 bundle.v1.0.0.js Show response
tools.refokus.com/rich-text-enhancer/ 2 KB
1 KB 50ms
10ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tools.refokus.com/rich-text-enhancer/bundle.v1.0.0.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a577cc713533d7a1edbc5186c3f7b8788bbf317a857111150778d6a617220cec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::9wlq6-1712270593257-49d96c906371
age: 6138457
etag: W/"bfd9ff53d0c1baa43dbb0f44751f23e9"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="bundle.v1.0.0.js"

GET
H3 200 medium-zoom.min.js Show response
cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/ 9 KB
4 KB 22ms
18ms Script
application/javascript 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/medium-zoom.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1926497
x-jsd-version: 1.0.3
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220020-FRA, cache-lga21976-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"2408-5ck9kUxd8AglB+1wj1aqAh/vLDs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2FMe8JmhHA%2BhWwuaKhgNn2SdvwXR8CPXQOs%2BkDY8jLBmQcb3LI%2B%2By7sBznmBQDF4KVKuHyn66mwT2XLgYKi3esCrkp9AScd%2FTIcUV%2Buq%2BGa125Ar7vfgGaC3DLECN%2BFbna8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86f4d0e7abf64dcd-FRA

GET
H2 200 form-124.js Show response
hubspotonwebflow.com/assets/js/ 10 KB
3 KB 54ms
25ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/assets/js/form-124.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

10ef3ba5308697292067120aee8cea7f3341a9a5e691475bc4a29805a5194939

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::xk5cj-1712270593246-6d542d37b6c2
age: 1222378
x-matched-path: /assets/js/form-124.js
etag: W/"392ca1f460caa2aa9439969a89f31c13"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="form-124.js"

GET
H2 200 6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js Show response
assets-global.website-files.com/ 144 B
628 B 29ms
24ms Script
application/javascript 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6ee38878cd3f57c918114ecd1a74bc75e5165f45fd1e9503056e8dc2e542288f

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: fKVYVp7VLozdKwo7Gp68VwPn_1qCAcOV
content-encoding: gzip
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 01:42:04 GMT
age: 75670
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 131
last-modified: Tue, 26 Dec 2023 09:16:55 GMT
server: AmazonS3
etag: "94d95acc94c6624c39cb9873e3da3787"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: Kd0EoBwVv6UfRjpH_IE1MMSzyT_cNN3zA2IBHvtgIkZFnAOJ-H0jDQ==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/ 502 KB
201 KB 44ms
7ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 15:45:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204859
x-xss-protection: 0
last-modified: Mon, 25 Mar 2024 04:00:24 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Apr 2025 15:45:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 325 KB
102 KB 79ms
43ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

069edde62b8f3bfa2463ae5c4d17f083272e275847a79e2c82503ed7cead8931

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103523
x-xss-protection: 0
last-modified: Thu, 04 Apr 2024 22:14:55 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 65 KB
18 KB 9ms
7ms Script
application/javascript 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

9924d2769e66e65419dae29ddd452881216820e6a8bb5d1049f9195a24d10c64

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 19:00:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65d799d9-1020b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17704
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 5d3cypit2iz8.js Show response
js.driftt.com/include/1712270700000/ 212 KB
60 KB 199ms
155ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1712270700000/5d3cypit2iz8.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
via: 1.1 91996b055df3611b680390c98760c3d4.cloudfront.net (CloudFront), 1.1 18fab39b23fb6b3013058d6df5faf0bc.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
x-amz-cf-pop: IAD61-P3, FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Mon, 21 Aug 2023 14:57:31 GMT
server: istio-envoy
etag: W/"576cdc1c0941a520c47b54aef3b463f7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=10
access-control-allow-credentials: true,true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mP9TSPObs4494gfjr8r5lOP61bbhsGATEFmnGlY9KsNwpRQ2_xI1fQ==

GET
H2 200 AWGoGO5jnvY
www.youtube.com/embed/ Frame 560B 0
0 79ms
56ms Document
text/html 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/AWGoGO5jnvY?si=QVZ66js3CVQEZlVY

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-5LYDRvVEb32lj3s4f4H44Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Thu, 04 Apr 2024 22:43:13 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gist-embed-5d675001c930.css
github.githubassets.com/assets/ 51 KB
11 KB 31ms
7ms Stylesheet
text/css 185.199.109.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://github.githubassets.com/assets/gist-embed-5d675001c930.css

Requested by

Host: gist.github.com
URL: https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.109.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-154.github.com

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

dae47b8a97cc1b620189dde91132381608aa694f536691fb272780fd1f45e4c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: a3f108a4035e75b06eba252b1c2f1a2827eb23c9
date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31536000
age: 20349
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 10648
x-served-by: cache-iad-kjyo7100023-IAD, cache-fra-etou8220027-FRA
last-modified: Thu, 04 Apr 2024 01:08:23 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8DC5443B9845DF7
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 6, 18

GET
H2 200 655efb41f4bb20e00c9cfe91_Group%2039892.svg
assets-global.website-files.com/655d92689c415e9fefcf2368/ 673 B
1 KB 35ms
35ms Image
image/svg+xml 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655d92689c415e9fefcf2368/655efb41f4bb20e00c9cfe91_Group%2039892.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fca96e23cbef68956d5776a0e13de71ab3e0d82c192d143bc93a063776ee81ad

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 21 Feb 2024 10:16:30 GMT
x-amz-version-id: 2SPzchtrPJOOCpA0jo4V.YS2Osqybov7
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 3760004
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 673
last-modified: Thu, 23 Nov 2023 07:12:03 GMT
server: AmazonS3
etag: "48aeeba05bcceb164d7432689b3bb357"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: aK5q8mFow3lVOS_46Sxn2iUYgVejpzS1Gz5BxRbJ6koHZaIvGNIfLw==

GET
H2 200 6579dd0b5f9a54376d296969_visuelt-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 20 KB
21 KB 87ms
24ms Font
application/octet-stream 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296969_visuelt-regular-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00d08ce080678db0c54af3944723e28b27e8bdc24146f813477b5b58fe65376c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 29 Dec 2023 12:03:52 GMT
x-amz-version-id: 4frLyUq9eYNLo7inr9AWHf_d33ZSkDwJ
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 8419162
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 20916
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "833d58f5538bb02b9d3e362ca829ece7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: JYwnjOPTu2BKMTnnSiiq2q4lK6lPnOuqJGrQ24LQgHoIpCuXYR_Lcw==

GET
H2 200 6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 17 KB
18 KB 88ms
26ms Font
application/octet-stream 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71425f588c17edb9905c3ed73aee0404b58772b91c8154fe53d3157f58f0b2e2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id: At.YFBHJO4EQclecPPM23aBnfk3j2h1H
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 8475605
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 17728
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "fd0185054945b2abe907dc7e524389c9"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 095qsCKPJXS1ixn9tWry1WXamOhRjr7xMlxCCj0aOWtYyzkpaIJd0g==

GET
H2 200 6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 18 KB
18 KB 75ms
13ms Font
application/octet-stream 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a4aba4543a40b2e2d78e4006eb941a3a18cf95dc81041ad362321a3995bcc898

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:17 GMT
x-amz-version-id: 4JksoGDTlz479HpJYtobtrz0YXSwp3Rx
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 8475597
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 18204
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "5aec097021a58170197314c745d296db"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: iAt6F6uN9QAEu1X_fyqJPbAQSRROPcWDHqmYqbs_jxW9_aMPQsT13w==

GET
H2 200 6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 21 KB
21 KB 76ms
14ms Font
application/octet-stream 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 36b097a74149a547cc7fe1da7b5a9cacf6c36d2f91872f11874479e1d4fafee2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id: 6cft5KdwVHtlIu77Lo8AxPLF1V_1aCGv
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 8475605
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 21280
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "4be3159e8cb3fb66b8e847dd0bedb2ed"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: Gc_5BnrfJktl6B4kWb_IEu2IFLT7sRdlDfuFX4vLC7QjW9fgg7KFFg==

GET
H2 200 6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 18 KB
18 KB 87ms
25ms Font
application/octet-stream 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ace449f8c185f9f62716fd9998c8f4d09f6849ead77ec8c3849aa69f4c8c1d36

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 13 Feb 2024 08:31:44 GMT
x-amz-version-id: SgNlIeK2CMt3IfgkJzcYPm6BQJFO8VdG
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 4457490
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 18124
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "b62b51b8a8a1c83c200a484a4149c151"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: TnKv3SbjncFpb2fHmAHal9rjoCDZVKdF-nGso0iam8hl1mj73-tAMg==

GET
H2 200 6579dd0b5f9a54376d29696f_visuelt-thin-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 20 KB
20 KB 83ms
21ms Font
application/octet-stream 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29696f_visuelt-thin-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b7bd039fcf8ea3ece5223d270ecf6d66277f9cf7ddacb8fd3f20d1702432c3bb

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 15:22:36 GMT
x-amz-version-id: 1AmjYc4ysufx24AJ6PfPPYoNyma6Viac
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 8320838
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 20300
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "07fd1c3f396e8b19e3076e1167800fb5"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: -ZgKN6Pea-AA5GxO6pNPzdnUsq7Dxf5ImeJYixeAXMyLPQAvZ3N1FA==

GET
H2 200 6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf
assets.website-files.com/6579dd0b5f9a54376d296915/ 55 KB
29 KB 80ms
19ms Font
application/x-font-ttf 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0020be3f1555293342637940e02d32e0f0c3b1951f6a274c00a6e3afe91610d1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 15:55:33 GMT
x-amz-version-id: quM.7z1k_e9xiPUszqLumStS9j4JLmMp
content-encoding: br
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 8491661
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: W/"541d84af93ed55a92a75644198c26ca5"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: Z3pKrOW7lbQMGZUlwjNEOepNmy_nZOMtCNCtIpJqTOtEGqMDHF29Og==

GET
H2 200 655ddcc107aef728354e9cbf_Huntress-logo.svg
assets-global.website-files.com/655ddcc107aef728354e9c2a/ 16 KB
13 KB 28ms
27ms Image
image/svg+xml 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655ddcc107aef728354e9c2a/655ddcc107aef728354e9cbf_Huntress-logo.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e74699ee2810c89e5df5bd0d0506256c46f1e73108f40dc993b49cc210203db

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Jan 2024 08:44:23 GMT
x-amz-version-id: ll9DT5jxvCo6dqqJTOhzWIKk94gBwQHc
content-encoding: br
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 6962331
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 22 Nov 2023 10:49:38 GMT
server: AmazonS3
etag: W/"1b58a7f9d25209475f7150623a7b9993"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: RgmJ4WjhBGXmmkwxZH0O8f2Oj4MbjDR28pa88s1iiEsUNR76evJyfQ==

GET
H2 200 656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg
assets-global.website-files.com/655d92689c415e9fefcf2368/ 407 B
866 B 30ms
30ms Image
image/svg+xml 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad1a0bf17b8433241806ec0b3cb9c17be616ea295df90068ab3e646de802e111

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jan 2024 14:43:06 GMT
x-amz-version-id: 6MUyKzg7.UI2lqy3cc43_aNDTQO42ExF
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 7804807
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 407
last-modified: Fri, 24 Nov 2023 10:23:48 GMT
server: AmazonS3
etag: "7b97da408ecd186da2775e85d3b5fc35"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: D3eVKngaC8FCfbaejQIpPes_bl2BZDV6QQkNk8VFx1X1cWVaEAv4KA==

GET
H2 200 6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 2 KB
3 KB 29ms
29ms Image
image/webp 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c99531b584c2990420c6cf8f267e27bca20375cf89d4afdcaa5b3afb7a9f35d2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 0.i3tZnqpf4mpcjZIZI6k.PdzUSOLecT
date: Thu, 04 Apr 2024 02:26:17 GMT
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 73017
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2196
last-modified: Thu, 21 Dec 2023 07:39:51 GMT
server: AmazonS3
etag: "3574559fb267295e5e44a4509e2e6e4f"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: rTolk38u0oJb-HNHxD7btNfpBVhMI1Iy41Uj2mBr_wK9_ZP_qoSJhQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 319 KB
102 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

67e9d5a6ce45861e128abf4e6b779916c661662876d79977d40ddfbab679910b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104423
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 246 KB
85 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2951f692f5782fbb1ac60276416fa7ef99a878c2ef2ef4a345db7520e03921b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87174
x-xss-protection: 0
last-modified: Thu, 04 Apr 2024 22:14:55 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 45ms
8ms Script
application/javascript 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Mar 2024 16:03:53 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=44136
accept-ranges: bytes
content-length: 17224

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 28 KB
9 KB 51ms
7ms Script
application/javascript 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Feb 2024 20:38:48 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8702

GET
H3 200 qevents.js Show response
a.quora.com/ 41 KB
14 KB 44ms
16ms Script
text/plain 162.159.153.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 162.159.153.247 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-version-id: jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: M04HPBTPY5GDBBF5
age: 623368
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ=
last-modified: Thu, 28 Mar 2024 17:33:19 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:87b5ecaafd0e88097cbbb1bbb7695fe9
etag: W/"87b5ecaafd0e88097cbbb1bbb7695fe9"
vary: Accept-Encoding
content-type: text/plain
cache-control: public, max-age=14400
cf-ray: 86f4d0e8afa31c42-FRA
expires: Fri, 05 Apr 2024 02:43:13 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 39ms
7ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220151-FRA

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 58ms
32ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 04 Apr 2024 22:43:12 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 55CB8E035A294AE2A2CFF9A9182C5658 Ref B: FRA31EDGE0814 Ref C: 2024-04-04T22:43:13Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 30ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

47c6585336dd2371eeed6596d97cb1548006f2ce1280c2adc32a08442d6f51cc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Apr 2024 22:43:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 59352
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1294, tbw=2779, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: QJOoy1e1zxpWLI9PFem4UrMv1QXk7VXUWaeiYBKdCLApWhVZbFqd91RT8jq8UWRunwFyJpLaTOUGSJHEHANrGQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 1006267.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 958 B
2 KB 145ms
117ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&e=

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c59924cdca7796d9578872e6933998297b41cb0a2951ccaf7de4bd7cf921ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: e507befa-8ff9-4a46-a86c-c5c4350cf75f
x-runtime: 0.002830
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"14c59924cdca7796d9578872e6933998"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 86f4d0e8ad36360c-FRA

GET
H2 200 e666a54d-ff29-48f9-9baa-2be6ac05412e.js Show response
j.6sc.co/j/ 837 B
837 B 396ms
394ms Script
application/javascript 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-184.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: iBgsOgE4Kr3Z0Ccj2rm1wK8VxmZ_A29h
content-encoding: gzip
date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 438
pragma: no-cache
last-modified: Fri, 18 Aug 2023 17:22:32 GMT
server: AmazonS3
etag: "29df5bb770be8e518fe2206581f712a6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: lfsGimGktxRd3-RC0zFQexYSMMobxavpwe7yDA3OyG77XfxKoJ06Iw==
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 133ms
99ms Script
text/javascript 3.76.146.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.146.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-146-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 367b0a428642139abddf847755504eb5c7c7e65b95429e9949833a68ac4da984

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 22:43:13 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 hotjar-2159185.js Show response
static.hotjar.com/c/ 10 KB
4 KB 82ms
53ms Script
application/javascript 65.9.95.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.45 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-45.prg50.r.cloudfront.net

Software

Resource Hash

20a08b12c57107d444fecc539f41c36996bf9dbb322fab275314b3ce246c3823

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 04 Apr 2024 22:43:13 GMT
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
etag: W/780db7268aeb9dacc94e2f1772607b11
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: jhx_uBaM0TuAztuSbj-1EsqQdHw6Xeg5DnvANVXMwtJg1IduzsUWdg==

GET
H2 200 NeverBounce.js Show response
cdn.neverbounce.com/widget/dist/ 96 KB
29 KB 63ms
11ms Script
application/javascript 65.9.95.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-100.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 19:51:10 GMT
content-encoding: gzip
via: 1.1 e14614617e85116e937d5168b35a94de.cloudfront.net (CloudFront)
last-modified: Mon, 02 Mar 2020 18:37:33 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 10324
etag: W/"c1e06621030dfcba15b88abbcaa546eb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: arl3iW16TL1_QQyS4XAgTaxRPF0SinHqvJAr-4QX1rn7aZ8RVro3vg==

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 70ms
33ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 25785
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 86f4d0e909089761-FRA
expires: Thu, 04 Apr 2024 23:03:13 GMT

GET
H2 200 site-script.js Show response
cdn.metadata.io/ 8 KB
3 KB 54ms
8ms Script
application/javascript 2600:9000:2127:2e00:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-script.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:2e00:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

22b1fb6f9f99cbad02dd31a2a03ad13f70ff07bd59d1e584b17766708c58d4d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: lw__cHl8hG2Sna8GFnUAXox5scayrVfV
content-encoding: gzip
via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 04:57:06 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: PRG50-C1
age: 64954
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 05 Mar 2024 21:33:37 GMT
server: AmazonS3
etag: W/"fc1d11633ce7d2722bf71a7e7f5abde8"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: zDpbQc-2Xc1RPolErJUFZ0_5sfbjzKGHhI3y5EmIYoUVSGeOEbunWw==

GET
H2 200 site-insights.js Show response
cdn.metadata.io/ 3 KB
1 KB 51ms
9ms Script
application/javascript 2600:9000:2127:2e00:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-insights.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:2e00:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

86f3464b435f45ef498bc2a621cad3de242cfae23932b1f8a02244309a68173b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: EKO3EAYu2jpZrdQQfpOFGk3pdfA6AAQC
content-encoding: gzip
via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 01:27:08 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: PRG50-C1
age: 76578
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 22 Mar 2024 02:23:38 GMT
server: AmazonS3
etag: W/"0b8c32bd74fbe7b22dd7487f9d663115"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: _SedORc2vRSuWlXXbivbfa7U_0Vqw15YAyqSYhPTRmlSxenrCdpkVw==

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/ 43 B
417 B 381ms
92ms Image
image/gif 52.21.250.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.21.250.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-21-250-58.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 04 Apr 2024 22:43:13 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,9f6e75ed8c79f23a8a840ad2ad7b1b45,10.0.0.99,50416,81.95.5.37,,3283140007,1,1712270593.742,0.002,,.,0,0,0.000,0.000,-,0,0,203,205,102,10,34729,,,,,,-,
Content-Type: image/gif

GET
H2 200 6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 19 KB
19 KB 9ms
8ms Font
application/octet-stream 2600:9000:235a:ea00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:ea00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f62ee80b8c824f30ad6c278146632d25b7e159e0a9cd91a356068eb9340061c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id: 1upZc36cdk27x7Arg8l9thaL3L34ome5
via: 1.1 ad82d8a80f2c6497aad660c7722475c0.cloudfront.net (CloudFront)
age: 8475605
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 19348
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "a0118c6d18835732ae0eb880babc7598"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: Uk8zCeH8fqeLDVXK6wqp_5Zq6zvahbKjBnH-qx8xWPkQqx-EB_nbOA==

GET
H2 200 19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js Show response
huntresscdn.com/ 111 KB
112 KB 204ms
176ms Script
text/plain 2606:4700:20::ac43:44da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kGJTGaU5W2XollZHzE62rbGpR5QmUEsmVA8p5dsevh9WdUb7NlhmXKMbxOnlDPiM9TkXb5rvV0aekiIPtBftOoCt9ROGoIt4rNArjL67UMGyb%2Fn5VsYA%2FH9qko92CQXmypvePgwvpcmT7y%2BDcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: maxage=14400
cf-ray: 86f4d0e95b919a21-FRA
content-length: 113865

GET
H2 200 3911692.js Show response
js.hs-analytics.net/analytics/1712270400000/ 70 KB
22 KB 49ms
24ms Script
text/javascript 2606:4700::6810:50ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1712270400000/3911692.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d9f49166505c59f2cecf5d0e790ee32f3049e93d0ccfea46603d224a3ee784e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 90ZSQ7T7ZKPJE6DQ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: a735b718-6f3b-452f-a734-69bfd60ab46f
age: 76
x-envoy-upstream-service-time: 36
x-amz-id-2: LXvHpZ/p2vNLpvaFTn3nZreAjtT202it9aYNvfUqnyZMEJHr0LyFTzpw/U++n6DquJ2RBfgA4tQ=
x-evy-trace-listener: listener_https
x-request-id: a735b718-6f3b-452f-a734-69bfd60ab46f
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Apr 2024 15:49:38 GMT
server: cloudflare
etag: W/"1f61a021370c342fe3e1c2f68f8c9cb5"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-pvzd8
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 86f4d0e979fa9b94-FRA
expires: Thu, 04 Apr 2024 22:46:57 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 58ms
18ms Script
application/javascript 2606:4700::6812:7d0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7d0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 46949
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js&cfRay=86f056b2caab19ad-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d252299cef5b9176cf0435e72e0baeeb"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js
date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-version-id: FzXUOelq5PzvbDhLOc3Au0ThiCBuXHAc
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 1abfcca4-5349-406b-898d-25eeccba6393
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1abfcca4-5349-406b-898d-25eeccba6393
last-modified: Wed, 03 Apr 2024 09:27:53 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-kgjsm
cf-ray: 86f4d0e98ea071cd-FRA
x-amz-cf-id: MY_j_kELvbVONVhaAQHeipAE0Od5C8SCISUsZ8ZXV6IOLPLDpuRX0A==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 151ms
113ms Script
application/javascript 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-version-id: TBuW8j2Zg4wDwUJfaxQJP8dPtvRalswh
via: 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 2c2080ca-b777-4ceb-af7a-cebb02752808
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.487/bundles/project.js&cfRay=86f4d0e9894f1c3c-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2c2080ca-b777-4ceb-af7a-cebb02752808
last-modified: Thu, 28 Mar 2024 11:43:17 UTC
server: cloudflare
etag: W/"d1b5d702ce4c8385e7f9e088139af398"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-wwmrm
cf-ray: 86f4d0e9894f1c3c-FRA
x-amz-cf-id: qN4UAcE_5C_Bvay11OPo3V82mrZ4lvwTeLT945CbeDD2D_gd7GJj8w==
x-hs-target-asset: collected-forms-embed-js/static-1.487/bundles/project.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 156ms
130ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.995/bundles/project.js&cfRay=86f4d0e97dd39231-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d838571cd390adf273ef11f2c93c66a2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.995/bundles/project.js
date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-version-id: e6CBI7TNV0080vUb0QC9_Ce844NXultr
via: 1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: e6ddaa40-9593-47ed-8b1a-75d13a69f4a4
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-request-id: e6ddaa40-9593-47ed-8b1a-75d13a69f4a4
last-modified: Wed, 20 Mar 2024 13:03:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lf34R9of%2FOyLvCBF86wFNXxkkFRBgfCpBvT%2FqggYzb7IfbB8a9XuHIJ510cDHsZsMRoiU%2F3dVeloqKK5h2WyZ2C2T6zA67pddbCf7SmIPappbuu4OlYBJfytmyN0gCDJ5KoBDO4ym24kTKLh"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-bsp24
cf-ray: 86f4d0e97dd39231-FRA
x-amz-cf-id: jSNoC2JiQ3PtfnZyWLPMdGBBaoQrert1BxP3m-gDMvtoKFnCpfiqcg==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 55ms
19ms Script
application/javascript 2606:4700::6811:e3a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e3a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-version-id: NPmBAW9YLDyQDhAGPmBdyF1DJfeS0dQT
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 463
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.546/bundles/pixels-release.js&cfRay=86f4c599182a372c-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 01adf2d7-8317-414d-b3cc-8a35bd65e2ea
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 01adf2d7-8317-414d-b3cc-8a35bd65e2ea
last-modified: Thu, 04 Apr 2024 13:54:33 UTC
server: cloudflare
etag: W/"437693b047b4419d0e2549e3f640e3c1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-xzfkt
cf-ray: 86f4d0e98e9703ec-FRA
x-amz-cf-id: HOSGEF76w3iUqKguTnI5IFj6pWqum_6uvQKoJ_OSVGaKrHxHOBHNKg==
x-hs-target-asset: adsscriptloaderstatic/static-1.546/bundles/pixels-release.js

GET
H2 200 3911692.js Show response
js.hs-banner.com/ 61 KB
17 KB 57ms
18ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3911692.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75bb32a2e2126660c4f0883898ae834da739f3eeeb1b888bdab2e3044927ce85

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-amz-version-id: 0vKE8CjslpJ4jPhtIMQWg4QuBW7ST_YP
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 4J9A150SE9PSX5CD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 6e33c683-4be6-4a3b-8c36-824cdf94817c
age: 76
x-envoy-upstream-service-time: 26
x-amz-id-2: tozklMoWb9KA509zKn1WVTRiEobsBnQ+Ew6+eqDwBEo6ezg4PXC7eNojO8VlYN4KsW4At9vWaYc=
x-evy-trace-listener: listener_https
x-request-id: 6e33c683-4be6-4a3b-8c36-824cdf94817c
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 29 Mar 2024 16:24:00 GMT
server: cloudflare
etag: W/"c5ae70fcbbbf610ecb86f40ac244c47f"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6dfb9475dd-r2qwz
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 86f4d0e98a4b2c3f-FRA
expires: Thu, 04 Apr 2024 22:46:57 GMT

GET
H2 200 adsct
t.co/1/i/ 43 B
376 B 204ms
180ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=00693349-ef4c-4ce7-ab94-c0eeb799a2d6&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=79d1d235-a524-4dfc-802a-0f302f34838c&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 173
date: Thu, 04 Apr 2024 22:43:12 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: aee5ad6dae4703fe
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 8239004e025bb0df56da61f68871a079276da2fb6daad4de815b07e609b1f284
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
725 B 157ms
111ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=00693349-ef4c-4ce7-ab94-c0eeb799a2d6&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=79d1d235-a524-4dfc-802a-0f302f34838c&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 104
date: Thu, 04 Apr 2024 22:43:12 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 0ef49abbf5e5c35a
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 47a84de5482928f9d8976581d3c4ff4773ec9106e4b8eeb5573e3e29538b355b
content-length: 43

POST
H2 204 collect
region1.analytics.google.com/g/ 0
255 B 44ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-GCTMBVFESS&gtm=45je4410v9122196611z89171248136za200&_p=1712270592849&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1914102813.1712270594&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1712270593&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&dt=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=964
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 69ms
18ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GCTMBVFESS&cid=1914102813.1712270594&gtm=45je4410v9122196611z89171248136za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 34ms
17ms Image
image/gif 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GCTMBVFESS&cid=1914102813.1712270594&gtm=45je4410v9122196611z89171248136za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1354074400

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 t2_12z44i_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 30ms
12ms XHR
application/json 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 98

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
75 B 32ms
8ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1712270593517&id=t2_12z44i&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=ce4ddef7-7bbd-4081-862c-a136ee22e4b8&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=800&sw=600&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 25ms
7ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1712270593517&id=t2_12z44i&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=ce4ddef7-7bbd-4081-862c-a136ee22e4b8&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=800&sw=600&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-und...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-und...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1712270593518%26li_adsId%3D94264338-27be-4e98-9e53-9c770e2b034d%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-und...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-un...

0
265 B

224ms
190ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true&e_ipv6=AQL-ZCp8PuHRCQAAAY6rR9AxvDpZHvLCBHg0tr_81gGWzvbXsvpnUA4ZVk914_Jw
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 3256CDB7AA1A484FA367ADC82576D71D Ref B: FRAEDGE1311 Ref C: 2024-04-04T22:43:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVTRCIfPUuQfghMSkFWg==

Redirect headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 2BD2CC0023574387961308E88C90DBF1 Ref B: FRAEDGE1416 Ref C: 2024-04-04T22:43:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712270593518&li_adsId=94264338-27be-4e98-9e53-9c770e2b034d&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true&e_ipv6=AQL-ZCp8PuHRCQAAAY6rR9AxvDpZHvLCBHg0tr_81gGWzvbXsvpnUA4ZVk914_Jw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVTRCFHEymRH1bVkOXFg==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
621 B 220ms
187ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.huntress.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BA00359F3B95440785C70D9FD9271222 Ref B: FRAEDGE1416 Ref C: 2024-04-04T22:43:13Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.huntress.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYVTRB+U7avECpRXzAVyw==

POST
H3 200 429191348
google.com/pagead/form-data/ 0
0 47ms
15ms Ping
text/html 172.217.18.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/pagead/form-data/429191348?gtm=45be4410v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=1337982817.1712270593&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra02s19-in-f14.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

POST
H3 204 429191348
google.com/ccm/form-data/ 0
17 B 46ms
15ms Ping
text/plain 172.217.18.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/429191348?gtm=45be4410v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=1337982817.1712270593&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra02s19-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 403957864408442 Show response
connect.facebook.net/signals/config/ 65 KB
13 KB 96ms
94ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/403957864408442?v=next&r=canary&domain=www.huntress.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C42%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C155%2C132%2C27%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a4f1eb17105eabb75b4750c05f469c570e3c18cc79aab3fdd2dfc8d657ca7266

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 04 Apr 2024 22:43:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=11, rtx=0, c=66, mss=1294, tbw=64642, tp=-1, tpl=-1, uplat=87, ullat=0
pragma: public
x-fb-debug: 36b+Bng9nIS/V1gWlhV9A4l16TXsHt/s++vQGnBUw8z9mk7aVrr3f+rs1y2f7OYYyqJEAjZNnFwB+b1sKNeq7Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 3A3B 0
0 32ms
31ms Document
text/html 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&cb=hh28byczbzn6

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vBnFjQA0sMEqQM59cQpVvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-vBnFjQA0sMEqQM59cQpVvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 04 Apr 2024 22:43:13 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 187059084.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 32ms
32ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187059084.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Thu, 04 Apr 2024 22:43:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C0D0D3499CA4825BC984D11567CA1C7 Ref B: FRA31EDGE0814 Ref C: 2024-04-04T22:43:13Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 204 0
bat.bing.com/action/ 0
287 B 36ms
36ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=663e0e54-79b9-4dd0-80c9-9d03e4519b33&sid=b867c1b0f2d411eebd3683dd681e73b7&vid=b867cfe0f2d411eebf2909a33d023776&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=800&sh=600&sc=24&tl=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&r=&lt=1017&pt=1712270592551,,,,,1,43,43,43,134,73,135,195,203,197,1003,1007,1017,,,&pn=0,0&evt=pageLoad&sv=1&rn=296739

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 04 Apr 2024 22:43:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1CDA1C03B36D463D89785DF9F81984D1 Ref B: FRA31EDGE0814 Ref C: 2024-04-04T22:43:13Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 202 traffic
api-gw.metadata.io/ 0
0 186ms
186ms Fetch
application/json 35.83.8.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Requested by: Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.83.8.35 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-83-8-35.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
x-amzn-remapped-content-length: 0
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 42414856-ca2b-4f50-8744-e46e3bc88aa5
access-control-max-age: 1728000
access-control-allow-methods: OPTIONS,POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
content-length: 0
x-amzn-remapped-date: Thu, 04 Apr 2024 22:43:14 GMT
x-amz-apigw-id: VuP4ZED3vHcEk6Q=

OPTIONS
H2 200 traffic
api-gw.metadata.io/ Frame 0
0 565ms
182ms Preflight
application/json 35.83.8.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.83.8.35 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-83-8-35.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
access-control-max-age: 86400
content-length: 0
content-type: application/json
date: Thu, 04 Apr 2024 22:43:14 GMT
x-amz-apigw-id: VuP4XEEuvHcEsZg=
x-amzn-requestid: 3bc18b21-3b42-40fd-94c6-468b31128237

GET
H2 200 modules.4bbac2bdc7f1b66d3009.js Show response
script.hotjar.com/ 221 KB
55 KB 39ms
8ms Script
application/javascript 13.32.27.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.4bbac2bdc7f1b66d3009.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-19.fra56.r.cloudfront.net

Software

Resource Hash

261e44bd5998183c1bde239149a4be112fd5afd76c1efb12da82f24cf20561d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 12:55:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 208087
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55706
last-modified: Tue, 02 Apr 2024 12:54:16 GMT
etag: "d8eecaf9ad4fc4bf64b1230f03df9166"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: l7KDhmLM0x0x0fktk9rtI3nQA2KkWMIQiZcCIPijRj1gDjLX3bLiNA==

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
439 B 126ms
126ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1712270593600&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 17715818
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPoq2hdIWibqvWHfzorxnPXUoVo6iivJSr75G0080lz4_lOuU3Y59ab09rrl8lciHyHYJg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Thu, 04 Apr 2024 23:43:13 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 130ms
106ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1712270593600&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 04 Apr 2024 22:43:13 GMT
expires: Thu, 04 Apr 2024 22:43:13 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPpc_9bxGZizTpaxhDTencU-g6079VeV6pbU2hRpdZSdV8_4CF2riIOnAlu12WxcLPGRpA

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 53ms
32ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

12411163a6bf7af9495ce3fb6a090808b299d9830705a01877cfc6107bc531d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-0Gy9IqrKzf3Mb5N9caCqNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 97ms
97ms Stylesheet
text/css 3.76.146.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.146.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-146-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 45fc084d4788e26e26855549406938f7d5be45e6a9d8469681d4026f6b7e2f6c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 22:43:13 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 112ms
98ms Fetch
image/jpeg 3.76.146.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.146.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-146-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 22:43:13 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 111ms
97ms Fetch
image/jpeg 3.76.146.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.146.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-146-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Thu, 04 Apr 2024 22:43:13 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 125ms
109ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 86f4d0ea387ebbf8-FRA
content-length: 0
content-type: application/octet-stream
date: Thu, 04 Apr 2024 22:43:13 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-snf7h
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: f4567a33-8f38-4e0a-a303-da6a0bc1c855
x-request-id: f4567a33-8f38-4e0a-a303-da6a0bc1c855

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
175 B 120ms
119ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d0482c99-0710-4542-8542-b9d6a181a6e9
x-envoy-upstream-service-time: 15
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d0482c99-0710-4542-8542-b9d6a181a6e9
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-pvzd8
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 86f4d0eae929bbf8-FRA

GET
H2 200 187059084 Show response
www.clarity.ms/tag/uet/ 829 B
1 KB 164ms
99ms Script
application/x-javascript 2620:1ec:46::63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/187059084
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/187059084.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e71d5ee02cb7138bf65f1cc1f2782c5852607c5810e1bf1778004c63a8a4e17e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: -1
date: Thu, 04 Apr 2024 22:43:13 GMT
x-azure-ref: 20240404T224313Z-164d799447dntct7yk8yv9rppg00000001c0000000004w4c
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 829
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
435 B 117ms
106ms XHR
application/json 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1aab3f2d-818c-46e0-9af8-2df803cb74c2
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1aab3f2d-818c-46e0-9af8-2df803cb74c2
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-7rrlj
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 86f4d0ea69fb1c3c-FRA

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 433 B
1 KB 146ms
137ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 38d321ea-0c17-4782-a175-64d63cbe0612
content-encoding: br
x-envoy-upstream-service-time: 12
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 38d321ea-0c17-4782-a175-64d63cbe0612
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X4yOSJzv3q2m41i4gf2f4U9Midpn9s%2BA6yqIMrlG8rL63W1zKmIJ%2BFuRZwDwnOJnREWGzQe5eYZDH0TG0ve4uG8YbaZqff707MHyWLGJdrQmJXOI5dCtN10wEb3MuOtg8YwHQ6VFn1%2BEVsg0ngATsDiV0S8WgomBIE8%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 86f4d0ea7e349231-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-srbbm

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 28ms
7ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&rl=&if=false&ts=1712270593667&sw=800&sh=600&v=next&r=canary&ec=0&o=4126&fbp=fb.1.1712270593665.564577065&cs_est=true&ler=empty&cdl=API_unavailable&it=1712270593552&coo=false&uppt=0&uvpt=0&ttf=1115.599998474121&bdt=44.79999923706055&bdsize=230554&btsize=59352&brbs=0&cdt=96.79999923706055&cdsize=66898&ctsize=13600&crbs=0&let=17.5&upcl=0&upurlcl=4&estcl=6&iwlpcl=0&rqm=GET

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1294, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 04 Apr 2024 22:43:13 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

OPTIONS
H2 200 tp2
webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/ Frame 0
0 33ms
8ms Preflight
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-origin: https://www.huntress.com
content-length: 0
content-type: application/json
date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin

POST
H2 200 tp2 Show response
webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/ 53 B
325 B 159ms
144ms XHR
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2

Requested by

Host: huntresscdn.com
URL: https://huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
access-control-allow-methods: GET, POST, HEAD, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 53

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/fa761abe/www-widgetapi.vflset/ 216 KB
67 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/fa761abe/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfc22aa61526b54bd655a11d628c6a6522c714fd355633936052ffb93368f397

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 20:50:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6739
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68393
x-xss-protection: 0
last-modified: Tue, 02 Apr 2024 04:18:13 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 04 Apr 2025 20:50:54 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
333 B 98ms
98ms XHR
text/plain 3.76.146.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&t=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&tip=NN7LyDBqm2iBvdtsZXh3HCy09jlB1b7Romyd3ffyiFU&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9c20b79d38b1655e251ca93c52ac8c5f4515f0525&sa-user-id-v3=s%253AAQAKIHdD5aik2sMuu9MUMiKohGwkzzWhkJfMui96JqsVistBEHwYBCCB2rywBjABOgT7-sM6QgQkWBlE.PVruYjIUoV8hw4YlkP4tRx1aDwlDaUeShpVECAgifpY&sa-user-id-v2=s%253Awgt504sWVeJRypPFKsjF9FFfBSU.FWZXYv3ZnNZGHMdIEaDafTCUhtwdSqb5SO1xy9sZedM&sa-user-id=s%253A0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4.Wj94abwqhGhIXBoledkDrcVwKDL1CJFTsIebEFEYYKY
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.146.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-146-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.huntress.com
date: Thu, 04 Apr 2024 22:43:13 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
333 B 100ms
100ms XHR
text/plain 3.76.146.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&t=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&tip=NN7LyDBqm2iBvdtsZXh3HCy09jlB1b7Romyd3ffyiFU&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=%270-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9c20b79d38b1655e251ca93c52ac8c5f4515f0525&sa-user-id-v3=s%253AAQAKIHdD5aik2sMuu9MUMiKohGwkzzWhkJfMui96JqsVistBEHwYBCCB2rywBjABOgT7-sM6QgQkWBlE.PVruYjIUoV8hw4YlkP4tRx1aDwlDaUeShpVECAgifpY&sa-user-id-v2=s%253Awgt504sWVeJRypPFKsjF9FFfBSU.FWZXYv3ZnNZGHMdIEaDafTCUhtwdSqb5SO1xy9sZedM&sa-user-id=s%253A0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4.Wj94abwqhGhIXBoledkDrcVwKDL1CJFTsIebEFEYYKY
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.76.146.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-76-146-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.huntress.com
date: Thu, 04 Apr 2024 22:43:13 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
18 KB 8ms
8ms Script
application/javascript 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 19:00:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65d799d9-101dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17693
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
283 B 308ms
104ms Script
application/javascript 3.230.6.246
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_960859

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.230.6.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-230-6-246.compute-1.amazonaws.com

Software

nginx /

Resource Hash

66c25b9323f64bd8ec43e4fdbf02b022f48edaad99b534e06b99bd88d3adb5e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private
x-ua-compatible: IE=Edge

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 63 B
282 B 317ms
114ms Script
application/javascript 3.230.6.246
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_710394

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.230.6.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-230-6-246.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f0445542faf1f8143646747bf1a92c8fa48427e0cfe0b49679dedb231a7cfed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private
x-ua-compatible: IE=Edge

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
885 B 157ms
138ms Image
image/gif 104.17.207.249
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.207.249 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2bf2ea06-6445-47a2-91d0-7aebba4e30c9
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2bf2ea06-6445-47a2-91d0-7aebba4e30c9
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-vfbrb
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 86f4d0eb3eb69137-FRA

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 21ms
8ms XHR
text/html 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 14 B
301 B 69ms
17ms XHR
text/html 2a02:26f0:480:23::1726:62a3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: def9a88d4a332592de159183fb036d27d6a7fe94bfd472b69bd694a35201e8d6

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.huntress.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:2b::3
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1712270593817_388391907_573194453_24_788_6_24_219";dur=1
content-length: 14
expires: Thu, 04 Apr 2024 22:43:13 GMT

GET
H3 200 bframe
www.google.com/recaptcha/api2/ Frame 92B3 0
0 20ms
19ms Document
text/html 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EVECkmWjIwU1v36IXJ8H7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-EVECkmWjIwU1v36IXJ8H7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 04 Apr 2024 22:43:13 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.26/ 60 KB
25 KB 14ms
13ms Script
application/javascript 2620:1ec:46::63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.26/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/187059084
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2024 13:40:06 GMT
etag: W/"0x8DC52513DD96806"
vary: Accept-Encoding
x-azure-ref: 20240404T224313Z-164d799447dntct7yk8yv9rppg00000001c0000000004w4g
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 6b25eb8d-501e-0029-2cc9-8610af000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
890 B 149ms
133ms Image
image/gif 104.17.207.249
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.207.249 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: cc42af62-d5be-4bdd-bd9d-8db1ad29cea4
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cc42af62-d5be-4bdd-bd9d-8db1ad29cea4
last-modified: Thu, 04 Apr 2024 22:43:13 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-6hhpr
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 86f4d0eb7efe9137-FRA

GET
BLOB 200
OK 8318345e-4d69-42b2-9a77-3d1249add41f
https://www.huntress.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.huntress.com/8318345e-4d69-42b2-9a77-3d1249add41f
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

POST
H/1.1 204
No Content collect Show response
g.clarity.ms/ 0
296 B 702ms
395ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Thu, 04 Apr 2024 22:43:14 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
697 B 67ms
14ms XHR
application/json 185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:14 GMT
an-x-request-uuid: 2209d7f8-6dc7-4f68-8d74-1faff76cc21b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.37; 81.95.5.37; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 9ms
9ms XHR
text/html 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 14 B
300 B 8ms
8ms XHR
text/html 2a02:26f0:480:23::1726:62a3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: def9a88d4a332592de159183fb036d27d6a7fe94bfd472b69bd694a35201e8d6

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:14 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.huntress.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:2b::3
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1712270594414_388391907_573194891_21_835_11_0_219";dur=1
content-length: 14
expires: Thu, 04 Apr 2024 22:43:14 GMT

GET
H2 200 core
rc-widget-frame.js.driftt.com/ Frame CEC5 0
0 385ms
359ms Document
text/html 65.9.95.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=7b843438-e3e6-4212-9f71-892f7665b651&sessionStarted=1712270594.414&campaignRefreshToken=3ee99459-e1a1-4620-b2e3-86f74ae99f5d&pageLoadStartTime=1712270592754&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1712270700000/5d3cypit2iz8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-69.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Thu, 04 Apr 2024 22:43:14 GMT
etag: W/"6a5cea74d414ec151635bd2880abb1c3"
last-modified: Mon, 21 Aug 2023 14:57:03 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
x-amz-cf-id: V_Dyb_vDgNrxgk_2x-lOIUFViY-TTp5T9ALeqnfTXdl0Bf400ltylg==
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: hIxJdEPbt_45OV8bTT9Ad1M7VE.ABA8G
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 18

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 48ms
21ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa8204005ed25e30f3ee56dbad3afa3c011e12636e75decf2b1aaf22a1c326dd

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
x-amz-version-id: jWuK40m0MUEUayB9sycJH0u7f85X3F2r
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: FRA56-P4
age: 56437
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Mar 2024 07:02:18 GMT
server: cloudflare
etag: W/"2cd903354c7c864dbd543d268219ef1d"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 86f4d0ef5a97bb7f-FRA
x-amz-cf-id: RJbaCLOz0MQVWqhZ6XUU9Xr293dgomjy47GAfhOutRx8FrFZkmwLLA==

GET
H2 200 blockedDomains.json Show response
hubspotonwebflow.com/assets/js/ 98 KB
23 KB 19ms
19ms Fetch
application/json 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/assets/js/blockedDomains.json

Requested by

Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-124.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

944352d0198c673b45a699471c970aef85458ea3c58a3ed825b0f0e4f33f999c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::gt7rf-1712270594428-482775b19c78
age: 1242576
x-matched-path: /assets/js/blockedDomains.json
etag: W/"04708d47dd194d37b8231a65de7a66f1"
x-vercel-cache: HIT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="blockedDomains.json"

GET
H2 200 blockList Show response
hubspotonwebflow.com/api/forms/ 47 B
137 B 152ms
152ms Fetch
application/json 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/api/forms/blockList?id=92048dff-ffdc-421f-9344-58c3ff0002d9

Requested by

Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-124.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::iad1::stpg7-1712270594428-d89d84b68b31
age: 0
x-matched-path: /api/forms/blockList
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-vercel-execution-region: iad1
cache-control: public, max-age=0, must-revalidate
access-control-allow-headers: Content-Type, Authorization

GET
H2 200 blockList Show response
hubspotonwebflow.com/api/forms/ 47 B
328 B 146ms
146ms Fetch
application/json 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/api/forms/blockList?id=c32ae9e7-4a4b-4436-a6e4-0de41bd8df62

Requested by

Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-124.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::iad1::kb59d-1712270594428-f1edf157bac8
age: 0
x-matched-path: /api/forms/blockList
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-vercel-execution-region: iad1
cache-control: public, max-age=0, must-revalidate
access-control-allow-headers: Content-Type, Authorization

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 240ms
215ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=800x600&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2604799944&v=1.1&a=3911692&rcu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&t=Understanding+the+ConnectWise+ScreenConnect+CVE-2024-1709+%26+CVE-2024-1708+%7C+Huntress+Blog&cts=1712270594429&vi=c025da633d8e22afc37389d55093d226&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8c5ae210-1278-4156-a126-ae8bcc61f0f8
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 21
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8c5ae210-1278-4156-a126-ae8bcc61f0f8
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kf68p2ZcfqUx5hPZBfsTJ%2B31vRpQ84Sk%2FloI37BtCdiXj8M1N1BmsnEEeIa5p%2BsNjqgxNAfaGIRNI%2FsKBTxUbVyCYasOGv%2FlCL93XIZkY%2BQET5f%2BhKn5Gs%2B%2FqxFEjXrACB961Ur6quOZK4WW9Q0H"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-w7thh
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 86f4d0ef5fb318c7-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=410DE0050032459CA43A65338FBBBA60&RedC=c.clarity.ms&MXFR=3328A43C888D635F0701B06B8C8D6DB3
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=410DE0050032459CA43A65338FBBBA60&MUID=0E93E2F978B863AD2278F6AE79146241

42 B
441 B

29ms
29ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=410DE0050032459CA43A65338FBBBA60&MUID=0E93E2F978B863AD2278F6AE79146241
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
server: Microsoft-IIS/10.0
etag: "3e26b762b6cda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Apr 2024 22:43:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DE5201A8E7904A3396BBE11055179372 Ref B: FRA31EDGE0814 Ref C: 2024-04-04T22:43:14Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=410DE0050032459CA43A65338FBBBA60&MUID=0E93E2F978B863AD2278F6AE79146241
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 210ms
194ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=8d46d80a-4280-4ea6-80f6-f49c014b25ae&session=b5cbc174-fd20-4d16-855d-7fcb2f85f2c0&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A2b%3A%3A3%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=0a5734e9-3252-497a-81e3-bdba28e673f2&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 415ms
394ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: VuP4chQ_PHcES4w=
cf-cache-status: DYNAMIC
cf-ray: 86f4d0ef9c876973-FRA
date: Thu, 04 Apr 2024 22:43:14 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 9ac192ffc1203361ea1141b56df84966.cloudfront.net (CloudFront)
x-amz-cf-id: rHL3t3nDszRzZec_Mzjx4JxlTPtIKkChuCWAsZ3YRFUsnUe1Y2gBYg==
x-amz-cf-pop: AMS58-P3
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
516 B 435ms
434ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 8c7fbd84d1f8e2098985c70243dfe1567d6566c6ac1720ffd64770a3700291a8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 5880e3e5891679926699
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.huntress.com/
visited_url: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Response headers

date: Thu, 04 Apr 2024 22:43:15 GMT
via: 1.1 9ac192ffc1203361ea1141b56df84966.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P3
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: VuP4jhEuPHcESKg=
server: cloudflare
etag: W/"92-09SRZjoabqBfviX5bx6Q348+eb4"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 86f4d0f21de96973-FRA
x-amz-cf-id: PHaHUfFbLxdWs40MOQdJdU-NA9xa8sh90T2vynfF8yZd-xr7ah2_Bg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 198ms
198ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=8d46d80a-4280-4ea6-80f6-f49c014b25ae&session=b5cbc174-fd20-4d16-855d-7fcb2f85f2c0&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=0a5734e9-3252-497a-81e3-bdba28e673f2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 203ms
203ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=8d46d80a-4280-4ea6-80f6-f49c014b25ae&session=b5cbc174-fd20-4d16-855d-7fcb2f85f2c0&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c081b6bcc07a45b013b81ff3441b82387640805c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228769192b-20ba-4df2-8d62-2740a805c3e8%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=0a5734e9-3252-497a-81e3-bdba28e673f2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:14 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
g.clarity.ms/ 0
296 B 126ms
125ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Thu, 04 Apr 2024 22:43:15 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

GET
H3 200 / Show response
ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/ 3 KB
2 KB 274ms
257ms Fetch
text/javascript 104.16.137.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.137.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

398e5db09b2d6213a7eab3ce8556e61a5774e4657f1e63763abf0bb867a7658b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Referer: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
_vtok: ODEuOTUuNS4zNw==
_zitok: 143c9c0fe5a5c97d80351712270595
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 86f4d0f5fff82c6a-FRA

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/ Frame 0
0 173ms
146ms Preflight
text/html 104.16.137.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.137.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.huntress.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86f4d0f4fd728ec5-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 04 Apr 2024 22:43:15 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 196ms
196ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=8d46d80a-4280-4ea6-80f6-f49c014b25ae&session=b5cbc174-fd20-4d16-855d-7fcb2f85f2c0&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A13%20GMT%22%2C%22timeSpent%22%3A%222179%22%2C%22totalTimeSpent%22%3A%222179%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=0a5734e9-3252-497a-81e3-bdba28e673f2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:15 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 195ms
195ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=8d46d80a-4280-4ea6-80f6-f49c014b25ae&session=b5cbc174-fd20-4d16-855d-7fcb2f85f2c0&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A15%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223180%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=0a5734e9-3252-497a-81e3-bdba28e673f2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:16 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 66030a0ceace49bce51c36de_favicon-32x32.png
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 1 KB
2 KB 9ms
9ms Other
image/png 2600:9000:2127:b600:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:b600:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c12f11d824a0e7cb513ff4574c1664ac5c3949efc35896edeb0612fe45f1c00b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:08:04 GMT
x-amz-version-id: zgVWaHGriVUpkEY2ghAZ8_qygV1PEHYb
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
age: 700513
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1294
last-modified: Tue, 26 Mar 2024 17:46:53 GMT
server: AmazonS3
etag: "966e794cd99e0b0b48cd4df13cdc04a5"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 17AssPTaFeQYpLA1qPLbrLBMWrVYxAkmpX08iv6I4gvdR7TipGedLA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 195ms
195ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=8d46d80a-4280-4ea6-80f6-f49c014b25ae&session=b5cbc174-fd20-4d16-855d-7fcb2f85f2c0&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A16%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224180%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=0a5734e9-3252-497a-81e3-bdba28e673f2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:17 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 191ms
191ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=8d46d80a-4280-4ea6-80f6-f49c014b25ae&session=b5cbc174-fd20-4d16-855d-7fcb2f85f2c0&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2004%20Apr%202024%2022%3A43%3A17%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225181%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=0a5734e9-3252-497a-81e3-bdba28e673f2&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:43:18 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

65 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: D2RxGig0jNc
.youtube.com/	1970-01-20 23:57:02	Name: VISITOR_INFO1_LIVE Value: 4xTKXfEKDq8
.youtube.com/	1970-01-20 23:57:02	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgLA%3D%3D
.huntress.com/	1970-01-20 21:47:26	Name: _gcl_au Value: 1.1.1337982817.1712270593
.techtarget.com/	1970-01-20 19:37:52	Name: __cf_bm Value: yZaDOYlaa3WRxC1XhNp8RI9Zfjt61eYUyiFrQnsNzgs-1712270593-1.0.1.1-DYMAJQ6D7_ZwR0tZ1IaMyN26ga13vw_0RdqX8appXTto7GfcpA1ZuTS1GKvcKJ8aP7.vGq3EcKopt4Hv5laApQ
tags.srv.stackadapt.com/	1970-01-21 04:23:26	Name: sa-user-id Value: s%3A0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4.Wj94abwqhGhIXBoledkDrcVwKDL1CJFTsIebEFEYYKY
.srv.stackadapt.com/	1970-01-21 04:23:26	Name: sa-user-id Value: s%3A0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4.Wj94abwqhGhIXBoledkDrcVwKDL1CJFTsIebEFEYYKY
tags.srv.stackadapt.com/	1970-01-21 04:23:26	Name: sa-user-id-v2 Value: s%3Awgt504sWVeJRypPFKsjF9FFfBSU.FWZXYv3ZnNZGHMdIEaDafTCUhtwdSqb5SO1xy9sZedM
.srv.stackadapt.com/	1970-01-21 04:23:26	Name: sa-user-id-v2 Value: s%3Awgt504sWVeJRypPFKsjF9FFfBSU.FWZXYv3ZnNZGHMdIEaDafTCUhtwdSqb5SO1xy9sZedM
tags.srv.stackadapt.com/	1970-01-21 04:23:26	Name: sa-user-id-v3 Value: s%3AAQAKIHdD5aik2sMuu9MUMiKohGwkzzWhkJfMui96JqsVistBEHwYBCCB2rywBjABOgT7-sM6QgQkWBlE.PVruYjIUoV8hw4YlkP4tRx1aDwlDaUeShpVECAgifpY
.srv.stackadapt.com/	1970-01-21 04:23:26	Name: sa-user-id-v3 Value: s%3AAQAKIHdD5aik2sMuu9MUMiKohGwkzzWhkJfMui96JqsVistBEHwYBCCB2rywBjABOgT7-sM6QgQkWBlE.PVruYjIUoV8hw4YlkP4tRx1aDwlDaUeShpVECAgifpY
tracking.g2crowd.com/	1970-01-20 19:58:00	Name: _session_id Value: 7c1f455334fc979cf1649f9239954c89
.g2crowd.com/	1970-01-20 19:37:52	Name: __cf_bm Value: kItxYQoYU2wxJ3OPSsciqZm3u.OSEwrbd5nVdueRc4Y-1712270593-1.0.1.1-Tbxd2si1uTLn947rNx0c8Lrw4eD0Uyky.SnH4KrFV_dC1u1wZe5SNmwJNcmqDD_jyRFWYNqV4bqKO6wnotaZQg
.huntress.com/	1970-01-21 05:13:50	Name: _ga_GCTMBVFESS Value: GS1.1.1712270593.1.0.1712270593.60.0.0
.huntress.com/	1970-01-21 05:13:50	Name: _ga Value: GA1.1.1914102813.1712270594
.huntress.com/	1970-01-20 21:47:26	Name: _rdt_uuid Value: 1712270593517.ce4ddef7-7bbd-4081-862c-a136ee22e4b8
.huntress.com/	1970-01-20 19:39:16	Name: _uetsid Value: b867c1b0f2d411eebd3683dd681e73b7
.huntress.com/	1970-01-21 04:59:26	Name: _uetvid Value: b867cfe0f2d411eebf2909a33d023776
www.huntress.com/	1970-01-21 04:23:26	Name: Metadata_visitor_id Value: lultp9ocpzl4fegm87
www.huntress.com/	1970-01-20 19:37:52	Name: Metadata_session_id Value: lultp9odg50zt0r0c9l
www.huntress.com/	1970-01-21 04:23:26	Name: sa-user-id Value: s%253A0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4.Wj94abwqhGhIXBoledkDrcVwKDL1CJFTsIebEFEYYKY
www.huntress.com/	1970-01-21 04:23:26	Name: sa-user-id-v2 Value: s%253Awgt504sWVeJRypPFKsjF9FFfBSU.FWZXYv3ZnNZGHMdIEaDafTCUhtwdSqb5SO1xy9sZedM
www.huntress.com/	1970-01-21 04:23:26	Name: sa-user-id-v3 Value: s%253AAQAKIHdD5aik2sMuu9MUMiKohGwkzzWhkJfMui96JqsVistBEHwYBCCB2rywBjABOgT7-sM6QgQkWBlE.PVruYjIUoV8hw4YlkP4tRx1aDwlDaUeShpVECAgifpY
.bing.com/	1970-01-21 04:59:26	Name: MUID Value: 0E93E2F978B863AD2278F6AE79146241
.twitter.com/	1970-01-21 05:13:50	Name: guest_id_marketing Value: v1%3A171227059360473898
.twitter.com/	1970-01-21 05:13:50	Name: guest_id_ads Value: v1%3A171227059360473898
.twitter.com/	1970-01-21 05:13:50	Name: personalization_id Value: "v1_jlNUC6dNDRjg99PLcqF2wQ=="
.twitter.com/	1970-01-21 05:13:50	Name: guest_id Value: v1%3A171227059360473898
.linkedin.com/	1970-01-20 21:47:26	Name: li_sugr Value: ffc951f6-9c13-4a02-8d51-1bb8c7d60d32
.huntress.com/	1970-01-20 21:47:26	Name: _fbp Value: fb.1.1712270593665.564577065
.huntress.com/	1970-01-21 04:23:26	Name: _hjSessionUser_2159185 Value: eyJpZCI6IjM3NzkyMmU1LWQyZTAtNTVkNC05NjkzLTg0NWM1YTlmY2NiZCIsImNyZWF0ZWQiOjE3MTIyNzA1OTM2OTEsImV4aXN0aW5nIjp0cnVlfQ==
.huntress.com/	1970-01-20 19:37:52	Name: _hjSession_2159185 Value: eyJpZCI6IjFjOWI5ZTFiLTA5ZTctNGQ4Zi1iZjFjLWVlN2Y1ODc4MDk3NyIsImMiOjE3MTIyNzA1OTM2OTEsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.t.co/	1970-01-21 05:13:50	Name: muc_ads Value: 26cbb124-0c68-4732-a371-4bb8c2f9ac1d
.huntress.com/	1970-01-20 19:37:52	Name: _sp_ses.1564 Value: *
.huntress.com/	1970-01-21 05:13:50	Name: _sp_id.1564 Value: 39d51f88-fd31-470d-b1ff-ee565b2ff85e.1712270594.1.1712270594.1712270594.b4b49ee8-9500-446d-8c5a-b6dbc87e0f61
.linkedin.com/	1970-01-20 19:39:16	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3184:u=1:x=1:i=1712270593:t=1712356993:v=2:sig=AQGeyaJ7sksNDsST-dOzZBPGum1U8iOb"
www.clarity.ms/	1970-01-21 04:23:26	Name: CLID Value: 5dfffd9ac0154cc1acf7ba539892c30b.20240404.20250404
.linkedin.com/	1970-01-20 20:21:02	Name: UserMatchHistory Value: AQI0CpZCOAVuMgAAAY6rR866v5y7G-k-dqHijCWViN3VL6DoVumCbZABvfng-iEobaPU0Ikob0EAuA
.linkedin.com/	1970-01-20 20:21:02	Name: AnalyticsSyncHistory Value: AQJfDgKOKCHgUgAAAY6rR8662GTaI88WyIu1-8v47ijoC4rSLVu6Wfra4MNukYPJPoJi7VfF_hkrSceQ4EibTw
.linkedin.com/	1970-01-21 04:23:26	Name: bcookie Value: "v=2&bfde4b20-2d70-419b-8418-7411b373d261"
.huntress.com/	1970-01-21 04:23:26	Name: _clck Value: 2bdr2k%7C2%7Cfkn%7C0%7C1555
.hsforms.com/	1970-01-20 19:37:52	Name: __cf_bm Value: svaR5g_kmMguK63ROnbW6ghlfBdF9fe3IvXrmhyLUN0-1712270593-1.0.1.1-IPHuhOMJ6yBKla4HVfVp7NoSyYHx0.oWhiasuJuEMA.0jyS3hTTP6wRn4zObUwhIQs1IO4zl4miWNy4oTWy5hw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: DosA8f0dnwOPzi7hlqLj8mp62OAxKTxx_TSCQ6cBTyk-1712270593958-0.0.1.1-604800000
.www.linkedin.com/	1970-01-21 04:23:26	Name: bscookie Value: "v=1&202404042243139a5ff3e8-b9b8-4a1f-86df-64f7be6c109cAQGX8d6bfoRfiy_M5maSZ6hmrd008BQh"
.linkedin.com/	1970-01-20 23:57:02	Name: li_gc Value: MTswOzE3MTIyNzA1OTM7MjswMjHdMRfM31VJb8uWKdXfYgyxaNyqlcM8O/GTVLPs9BubiA==
www.huntress.com/	1970-01-20 19:37:52	Name: drift_campaign_refresh Value: 3ee99459-e1a1-4620-b2e3-86f74ae99f5d
www.huntress.com/	1970-01-21 05:13:50	Name: _gd_visitor Value: 8d46d80a-4280-4ea6-80f6-f49c014b25ae
www.huntress.com/	1970-01-20 19:38:04	Name: _gd_session Value: b5cbc174-fd20-4d16-855d-7fcb2f85f2c0
.adnxs.com/	1970-01-21 05:13:50	Name: receive-cookie-deprecation Value: 1
www.huntress.com/	1970-01-20 19:47:55	Name: _an_uid Value: 0
.c.bing.com/	1970-01-20 19:47:55	Name: MR Value: 0
.c.bing.com/	1970-01-21 04:59:26	Name: SRM_B Value: 0E93E2F978B863AD2278F6AE79146241
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 04:59:26	Name: MUID Value: 0E93E2F978B863AD2278F6AE79146241
.c.clarity.ms/	1970-01-20 19:47:55	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 19:37:51	Name: ANONCHK Value: 0
.huntress.com/	1970-01-20 19:39:16	Name: _clsk Value: 8qhxyx%7C1712270594643%7C1%7C1%7Cg.clarity.ms%2Fcollect
.hubspot.com/	1970-01-20 19:37:52	Name: __cf_bm Value: YMO7t3u_i3sF4SDTwrqBPXJ49gb8TPngwVFKWe1GJzI-1712270594-1.0.1.1-TbkDn.SVpQd5PHqHXa7Fh_BdendBgsoxneZxZNi0TVGgB_LaozBbHRhcy2FlfcH_urnF2HL5QEkVoiJJoCB5nw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 8jNBTWMD0AYIQlIfEhanxUWrF5QPTfIv84spH7LfUVQ-1712270594666-0.0.1.1-604800000
.6sc.co/	1970-01-21 05:13:50	Name: 6suuid Value: b8d01702969d0000022d0f66a6020000bdea4000
.www.huntress.com/	1970-01-21 04:23:26	Name: _zitok Value: 143c9c0fe5a5c97d80351712270595
.zoominfo.com/	1970-01-20 19:37:52	Name: __cf_bm Value: cxg0uLrRlmXCtBaa.A0ehkNIIV87J_.STtiawL.wqgg-1712270595-1.0.1.1-osrZ_JE2m.5W0lvhcGIukHaGTqkKeGYE2cbFjOz.FMKjCKC_9kO0TeGRWdFc.u1HlJcU40r0U0UQ1VoAuKsLdA
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: SQcuasffJAdgs88sOV09wuYvq9UgFm5pDW0H3NWQbCU-1712270595769-0.0.1.1-604800000
www.huntress.com/	1970-01-21 05:13:50	Name: drift_aid Value: 0d9b60d8-9bbf-46a4-8f90-53d3e94f559a
www.huntress.com/	1970-01-21 05:13:50	Name: driftt_aid Value: 0d9b60d8-9bbf-46a4-8f90-53d3e94f559a

158 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 804) Message: Unrecognized feature: 'web-share'.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 804) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 804) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 804) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/403957864408442?v=next&r=canary&domain=www.huntress.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C42%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C155%2C132%2C27%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.quora.com
alb.reddit.com
analytics.twitter.com
api-gw.metadata.io
api.neverbounce.com
assets-global.website-files.com
assets.website-files.com
b.6sc.co
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn.metadata.io
cdn.neverbounce.com
client-registry.mutinycdn.com
connect.facebook.net
cta-service-cms2.hubspot.com
d3e54v103j8qbb.cloudfront.net
forms.hscollectedforms.net
forms.hsforms.com
g.clarity.ms
gist.github.com
github.githubassets.com
google.com
hubspotonwebflow.com
huntresscdn.com
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.na.chilipiper.com
js.zi-scripts.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
rc-widget-frame.js.driftt.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
tools.refokus.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
webhooks.fivetran.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.huntress.com
www.linkedin.com
www.redditstatic.com
www.youtube.com
104.16.137.15
104.16.89.20
104.17.207.249
104.18.37.212
104.244.42.133
104.244.42.3
13.107.42.14
13.32.27.19
140.82.121.3
142.250.186.35
142.250.186.68
146.75.120.157
151.101.1.140
151.101.65.91
162.159.153.247
172.217.18.14
18.244.20.221
18.245.86.77
185.199.109.154
185.89.211.116
2001:4860:4802:34::36
2600:9000:2127:2e00:9:d7d4:1380:93a1
2600:9000:2127:b600:12:9e5f:cac0:93a1
2600:9000:235a:ea00:11:3b84:d200:93a1
2606:4700:20::ac43:44da
2606:4700:4400::6812:2b1f
2606:4700:4400::ac40:973c
2606:4700:4400::ac40:991b
2606:4700::6810:50ba
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:89d1
2606:4700::6811:e3a3
2606:4700::6812:7d0c
2620:1ec:21::14
2620:1ec:46::63
2620:1ec:c11::237
2a00:1450:4001:800::200e
2a00:1450:4001:809::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:81d::2008
2a00:1450:400c:c00::9c
2a02:26f0:480:23::1726:62a3
2a02:26f0:480:f::213:7ec6
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:200::396
3.230.6.246
3.76.146.81
34.111.208.231
34.111.224.162
34.159.227.151
34.249.200.254
35.83.8.35
52.182.214.99
52.21.250.58
65.9.95.100
65.9.95.45
65.9.95.69
68.219.88.97
76.76.21.22
76.76.21.93
95.101.111.184
0020be3f1555293342637940e02d32e0f0c3b1951f6a274c00a6e3afe91610d1
00d08ce080678db0c54af3944723e28b27e8bdc24146f813477b5b58fe65376c
02c65a6d1cdc752f31b0be2157d9c6f65e72c7f3e781eea941bd848caf8a332e
031ac081c388503c078347630e6db5e0590befc22f345050a050f9b0a79d5083
037a17512985e112e6b64b0534e3953dfca28420d2cab55f7771a7dd22a79918
069edde62b8f3bfa2463ae5c4d17f083272e275847a79e2c82503ed7cead8931
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
10ef3ba5308697292067120aee8cea7f3341a9a5e691475bc4a29805a5194939
12411163a6bf7af9495ce3fb6a090808b299d9830705a01877cfc6107bc531d7
1402811141d6cf6956918acd3398468bd385081a50b90a5d251fe7a3312c0801
14c59924cdca7796d9578872e6933998297b41cb0a2951ccaf7de4bd7cf921ff
19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb
20a08b12c57107d444fecc539f41c36996bf9dbb322fab275314b3ce246c3823
215162d385055d4248ce3810f5294fb0e1a857b2b18997d00805ca98f480fc79
22b1fb6f9f99cbad02dd31a2a03ad13f70ff07bd59d1e584b17766708c58d4d1
261e44bd5998183c1bde239149a4be112fd5afd76c1efb12da82f24cf20561d4
2791bb4bda1252e862eef1143ff121bc0825a112166291e2c760cba8c7575e40
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697
2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
350cf9ff67297ce9f79b1a35fb7205326d21f149ab404f81ec875968f0b7d083
367b0a428642139abddf847755504eb5c7c7e65b95429e9949833a68ac4da984
36b097a74149a547cc7fe1da7b5a9cacf6c36d2f91872f11874479e1d4fafee2
398e5db09b2d6213a7eab3ce8556e61a5774e4657f1e63763abf0bb867a7658b
3a6418816eed3b450709ad2c7509c5726da45f1b0a82184992fc447d6c961b9c
3d9f49166505c59f2cecf5d0e790ee32f3049e93d0ccfea46603d224a3ee784e
3e74699ee2810c89e5df5bd0d0506256c46f1e73108f40dc993b49cc210203db
4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2
45fc084d4788e26e26855549406938f7d5be45e6a9d8469681d4026f6b7e2f6c
47c6585336dd2371eeed6596d97cb1548006f2ce1280c2adc32a08442d6f51cc
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e938e5b4fe364bd2d00ec08067f98aa54b1398df28287257b8434012ff20033
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
553797b86e5516ebb3b4a6ffc794d7d9eca1fc1f3ca8ab0703e5eff9934e29c8
558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d
56ca8f0d6314136eeb319281448c5f652abea4df2061d2c42752380d76b742dc
5845152cca6b5fb9a206b732d72463eadd2605e0ade7421134cc6fcb59d1a36a
5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db
5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
60ba63f369e9131ebda235cb154f2204acf3f5cb6de3dcf289d933ad5eebf778
65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c
66110db15bc55fa902401f14c8f25083dd0f7cfde33de392631a20f77312d017
66c25b9323f64bd8ec43e4fdbf02b022f48edaad99b534e06b99bd88d3adb5e3
66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0
67786077050307fcffb9795d3f5fd2a2e5d3956e692181609fee98693604d321
67e9d5a6ce45861e128abf4e6b779916c661662876d79977d40ddfbab679910b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ee38878cd3f57c918114ecd1a74bc75e5165f45fd1e9503056e8dc2e542288f
6f3642cd8faa981a6b7f71cb0bd88a222ed7c92510100761c38f4bfd689853f2
71425f588c17edb9905c3ed73aee0404b58772b91c8154fe53d3157f58f0b2e2
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
74eeb7d68caa91529c2eb3d822c13adee8d1fd247b0f3b082d84d6da51825919
75bb32a2e2126660c4f0883898ae834da739f3eeeb1b888bdab2e3044927ce85
7e6099f8d59d29c1446e0d06b18e6213da825582d128799560094a5ecdfae5a7
7f62ee80b8c824f30ad6c278146632d25b7e159e0a9cd91a356068eb9340061c
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2
85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85
86f3464b435f45ef498bc2a621cad3de242cfae23932b1f8a02244309a68173b
889e4055351e629718cc9647a7f696cb4fb1e246bcf29bd25e2f8ce5105c27b5
89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
8c7fbd84d1f8e2098985c70243dfe1567d6566c6ac1720ffd64770a3700291a8
8f0f089b8d2746c56340171bba62f027d4d2dc0f520588d9480432693381e14a
93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2
944352d0198c673b45a699471c970aef85458ea3c58a3ed825b0f0e4f33f999c
9924d2769e66e65419dae29ddd452881216820e6a8bb5d1049f9195a24d10c64
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a03c63b7757de92a9b204e6c7809d61430bb1b1c363c4ae37b1ec7cad3e93c79
a161369b576860ce9654480562ba1ddeafe81f9ad5ee8f7db2fb00f4892a4b8f
a1e79865576e220b93dfe34d011286a8335ee8ac4eb6450300fb45a4f15a600e
a447d3663b55765c353cd2d4067634356183f5589b5af36e703e452926669f0e
a4aba4543a40b2e2d78e4006eb941a3a18cf95dc81041ad362321a3995bcc898
a4f1eb17105eabb75b4750c05f469c570e3c18cc79aab3fdd2dfc8d657ca7266
a577cc713533d7a1edbc5186c3f7b8788bbf317a857111150778d6a617220cec
aa067c3f9d762c4b27d7593b347b627735508a13e79d5ff35cf109b5f297dedf
aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace449f8c185f9f62716fd9998c8f4d09f6849ead77ec8c3849aa69f4c8c1d36
ad1a0bf17b8433241806ec0b3cb9c17be616ea295df90068ab3e646de802e111
b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1
b7bd039fcf8ea3ece5223d270ecf6d66277f9cf7ddacb8fd3f20d1702432c3bb
b9662a50703853ca2a318262d930668b8ae42333c6b413a424d0296212c40865
b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995
bbfae0a3b7da32ea92fc730b3a357f2aa5b39b596f4711a8c02ed2d901d12fb7
bfc22aa61526b54bd655a11d628c6a6522c714fd355633936052ffb93368f397
c12f11d824a0e7cb513ff4574c1664ac5c3949efc35896edeb0612fe45f1c00b
c2951f692f5782fbb1ac60276416fa7ef99a878c2ef2ef4a345db7520e03921b
c99531b584c2990420c6cf8f267e27bca20375cf89d4afdcaa5b3afb7a9f35d2
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e
cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4
dae47b8a97cc1b620189dde91132381608aa694f536691fb272780fd1f45e4c1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
def9a88d4a332592de159183fb036d27d6a7fe94bfd472b69bd694a35201e8d6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71d5ee02cb7138bf65f1cc1f2782c5852607c5810e1bf1778004c63a8a4e17e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a
f0445542faf1f8143646747bf1a92c8fa48427e0cfe0b49679dedb231a7cfed3
f17723e05ced08cbee817fc6c8327965f4fcd1f32aea681868acc75218330462
f2314da0b26cc727445f74c19d54f2f75944ea1a610497231ba6a5d9e541acf0
f6de8eff2f2f46b4d3e24716caa22af17db498dfbbc0ae5e984d7ea8b098f7d8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa8204005ed25e30f3ee56dbad3afa3c011e12636e75decf2b1aaf22a1c326dd
fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48
fca96e23cbef68956d5776a0e13de71ab3e0d82c192d143bc93a063776ee81ad
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.huntress.com Open in urlscan Pro 34.249.200.254 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

150 Requests

98 %HTTPS

44 %IPv6

49 Domains

70 Subdomains

65 IPs

5 Countries

2949 kBTransfer

7339 kBSize

65 Cookies

27 Outgoing links

Page URL History

Redirected requests

150 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.huntress.com Open in urlscan Pro
34.249.200.254 Public Scan

Screenshot
Live screenshot

Full Image

150
Requests

98 %
HTTPS

44 %
IPv6

49
Domains

70
Subdomains

65
IPs

5
Countries

2949 kB
Transfer

7339 kB
Size

65
Cookies

150 HTTP transactions
0 data transactions