www.synack.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/
Submission: On April 05 via manual (April 5th 2024, 1:52:47 pm UTC) from US — Scanned from DE

Summary HTTP 91 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 32 IPs in 3 countries across 25 domains to perform 91 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.synack.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 11th 2023. Valid for: a year.

This is the only time www.synack.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
8	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
13	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:88ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
9	95.101.111.170 95.101.111.170	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1484	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:89d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:480... 2a02:26f0:480:22::1726:62ed	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.58.206.66 216.58.206.66	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:4fba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6dfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e4a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:f36c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:cff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:a07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.197.89.129 54.197.89.129	14618 (AMAZON-AES) (AMAZON-AES)
91	32

23 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.synack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:88ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 95.101.111.170 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-170.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1484 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89d1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:22::1726:62ed (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.66 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4fba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6dfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e4a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f36c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cff9 (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:a07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.197.89.129 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-89-129.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	synack.com www.synack.com	514 KB
13	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 314	148 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5872 c.6sc.co — Cisco Umbrella Rank: 9222 ipv6.6sc.co — Cisco Umbrella Rank: 5999 b.6sc.co — Cisco Umbrella Rank: 3952	21 KB
8	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	693 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 320 www.linkedin.com — Cisco Umbrella Rank: 581 px4.ads.linkedin.com — Cisco Umbrella Rank: 6476	4 KB
4	google.com 1 redirects region1.analytics.google.com — Cisco Umbrella Rank: 3274 www.google.com — Cisco Umbrella Rank: 2	195 B
3	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4384 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4304 track.hubspot.com — Cisco Umbrella Rank: 2436	27 KB
3	google.de www.google.de — Cisco Umbrella Rank: 7528	190 B
3	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 96 googleads.g.doubleclick.net — Cisco Umbrella Rank: 39	429 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2709	21 KB
2	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 4655 forms.hsforms.com — Cisco Umbrella Rank: 4459	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9066	719 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4730 forms.hscollectedforms.net — Cisco Umbrella Rank: 4806	26 KB
2	qualified.com js.qualified.com — Cisco Umbrella Rank: 19522 app.qualified.com — Cisco Umbrella Rank: 20626	160 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3571	1 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2328	23 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3287	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2311	22 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 129	2 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 552	303 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2558	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 811	17 KB
1	gstatic.com fonts.gstatic.com	37 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6921	154 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 38	849 B
91	25

	Domain	Requested by
23	www.synack.com	www.synack.com
13	cdn.cookielaw.org	www.synack.com cdn.cookielaw.org
8	www.googletagmanager.com	www.synack.com www.googletagmanager.com js.hsadspixel.net
7	b.6sc.co	www.synack.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
3	www.google.de	www.synack.com
2	epsilon.6sense.com	j.6sc.co
2	www.google.com	1 redirects www.synack.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	app.qualified.com	js.qualified.com
1	track.hubspot.com
1	forms.hsforms.com	www.synack.com
1	perf-na1.hsforms.com	www.synack.com
1	api.hubapi.com	js.hsadspixel.net
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	googleads.g.doubleclick.net	1 redirects
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	www.googleadservices.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.synack.com
1	www.linkedin.com	1 redirects
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	geolocation.onetrust.com	cdn.cookielaw.org
1	region1.google-analytics.com	www.googletagmanager.com
1	js.hs-scripts.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	www.synack.com
1	fonts.gstatic.com	fonts.googleapis.com
1	js.qualified.com	www.synack.com
1	js.hsforms.net	www.synack.com
1	fonts.googleapis.com	www.synack.com
91	38

This site contains links to these domains. Also see Links.

Domain
boards.greenhouse.io
acropolis.synack.com
readme.synack.com
login.synack.com
www.facebook.com
www.linkedin.com
x.com
www.instagram.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
www.synack.com Sectigo RSA Domain Validation Secure Server CA	`2023-08-11` - `2024-08-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-16` - `2024-05-15`	a year	crt.sh
qualified.com E1	`2024-03-11` - `2024-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
6sc.co R3	`2024-01-29` - `2024-04-28`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
hs-scripts.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
hscollectedforms.net E1	`2024-03-29` - `2024-06-27`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
hubapi.com E1	`2024-03-06` - `2024-06-04`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
app.qualified.com R3	`2024-03-21` - `2024-06-19`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/
Frame ID: 358258DCA8D2FBDBD18E15C61FBC52E1
Requests: 89 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/wMSIsrvzp9xgEeyW/messenger?uuid=33efed8b-a314-4426-b4b5-ae913633e619
Frame ID: F2DE8F36F9C0F0ED4D8F813522073DA9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Exploits Explained: Attacking Open Internet Proxy Servers | Blog | Synack

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

91
Requests

96 %
HTTPS

81 %
IPv6

25
Domains

38
Subdomains

32
IPs

3
Countries

1876 kB
Transfer

5738 kB
Size

32
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://boards.greenhouse.io/synacksrt/jobs/150860
Title: Apply to SRT

Search URL Search Domain Scan URL

URL: https://acropolis.synack.com/
Title: Acropolis Recognitions

Search URL Search Domain Scan URL

URL: https://readme.synack.com/
Title: README_ Publication A publication covering the issues, ideas and people shaping the future of cybersecurity.

Search URL Search Domain Scan URL

URL: https://readme.synack.com/tag/changelog
Title: Changelog Newsletter Subscribe to the Changelog Newsletter for essential news delivered directly to your inbox.

Search URL Search Domain Scan URL

URL: https://login.synack.com/
Title: login button

Search URL Search Domain Scan URL

URL: https://acropolis.synack.com/?_gl=1*1sc9of1*_ga*MjgyOTE1NDI4LjE2OTIwMjQ5NTY.*_ga_9891KWEZPK*MTY5OTk3MjgzNi4xNTAuMS4xNjk5OTczNzYzLjAuMC4w
Title: SRT Envoy and Guardian of Trust

Search URL Search Domain Scan URL

URL: https://www.facebook.com/synack
Title: facebook link

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/synack-inc-/
Title: linkedin link

Search URL Search Domain Scan URL

URL: https://x.com/synack
Title: x link

Search URL Search Domain Scan URL

URL: https://www.instagram.com/synackofficial/
Title: instagram

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D947010%26time%3D1712325162144%26li_adsId%3Db948ad50-8fa4-4059-818e-8f5cfbbcbceb%26url%3Dhttps%253A%252F%252Fwww.synack.com%252Fblog%252Fexploits-explained-attacking-open-internet-proxy-servers%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&cookiesTest=true&liSync=true&e_ipv6=AQIr6PG_BqibFQAAAY6uiHcHJqZbn1k9aa2SRYf0FAXmYRCDATAJ3Pzav1PreszKHT6u14RiKK4C8dmW7kuMy2fzoxUt

Request Chain 61

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=800&u_h=600&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&label=-EdECKePxfkBENnUksYD&hn=www.googleadservices.com&frm=0&tiba=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&value=0&npa=1&pscdl=noapi&auid=1474831889.1712325162&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&eitems=ChEI8MK-sAYQ8a6vqOjYpOKJARIdAPW8BiJ6TTlB_L_j9IvAcqGrZNOoepOQzeUe1rY&pscrd=IhMIr9ShqJyrhQMVvisGAB00_AukMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6F2h0dHBzOi8vd3d3LnN5bmFjay5jb20v HTTP 302
https://www.google.com/pagead/1p-conversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=800&u_h=600&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&label=-EdECKePxfkBENnUksYD&hn=www.googleadservices.com&frm=0&tiba=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&value=0&npa=1&pscdl=noapi&auid=1474831889.1712325162&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIr9ShqJyrhQMVvisGAB00_AukMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6F2h0dHBzOi8vd3d3LnN5bmFjay5jb20v&is_vtc=1&cid=CAQSGwB7FLtq5DGRlr1Ds7I44LEvPds_aAiPBkaTfA&eitems=ChEI8MK-sAYQ8a6vqOjYpOKJARIdAPW8BiLNPwIS8Xyou945UQvvPG0wloxBcwW_pO8&random=1573081997 HTTP 302
https://www.google.de/pagead/1p-conversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=800&u_h=600&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&label=-EdECKePxfkBENnUksYD&hn=www.googleadservices.com&frm=0&tiba=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&value=0&npa=1&pscdl=noapi&auid=1474831889.1712325162&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIr9ShqJyrhQMVvisGAB00_AukMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6F2h0dHBzOi8vd3d3LnN5bmFjay5jb20v&is_vtc=1&cid=CAQSGwB7FLtq5DGRlr1Ds7I44LEvPds_aAiPBkaTfA&eitems=ChEI8MK-sAYQ8a6vqOjYpOKJARIdAPW8BiLNPwIS8Xyou945UQvvPG0wloxBcwW_pO8&random=1573081997&ipr=y

91 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ 211 KB
23 KB 258ms
197ms Document
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

a0de3c69d9a8372223f5b1b27d3d43a4c3bb2044bc8398fb31a4a1a706f98451

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 86fa05233f759106-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
content-type: text/html; charset=UTF-8
date: Fri, 05 Apr 2024 13:52:41 GMT
link: <https://www.synack.com/?p=20795>; rel=shortlink
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
referrer-policy: origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=63072000
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 2
x-cache-group: normal
x-cacheable: YES:600.000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-xss-protection: 1; mode=block

GET
H2 200 simple-banner.css
www.synack.com/wp-content/plugins/simple-banner/ 470 B
365 B 25ms
22ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/plugins/simple-banner/simple-banner.css?ver=2.17.0

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e52d2896e4826b8b2cc58b53db6c3e4aaea762a718e2a1375b275ff78285060

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 03 Jan 2024 06:35:38 GMT
server: cloudflare
etag: W/"6595003a-1d6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa0524990a9106-FRA

GET
H2 200 style.css
www.synack.com/wp-content/themes/synack/ 2 KB
824 B 40ms
37ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/themes/synack/style.css

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

295b869eb6cfce0d672811c7fd9fbe616272dabcacd6dbe50543af7ac3b8da1d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:39 GMT
server: cloudflare
etag: W/"66072b7f-9e6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa0524990c9106-FRA

GET
H2 200 style.css
www.synack.com/wp-content/plugins/bol-resource-library/assets/css/ 10 KB
3 KB 34ms
31ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/plugins/bol-resource-library/assets/css/style.css?ver=2

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b840ccb15d3d1e2aba4b223ea4b89b7ea234376d5968508083177671f23ecd0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 22 Mar 2024 19:37:50 GMT
server: cloudflare
etag: W/"65fdde0e-284d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa0524990d9106-FRA

GET
H2 200 jquery.min.js Show response
www.synack.com/wp-includes/js/jquery/ 86 KB
31 KB 31ms
28ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: cloudflare
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa052499109106-FRA

GET
H2 200 jquery-migrate.min.js Show response
www.synack.com/wp-includes/js/jquery/ 13 KB
5 KB 38ms
35ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: cloudflare
etag: W/"6482bd64-3509"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa052499119106-FRA

GET
H2 200 simple-banner.js Show response
www.synack.com/wp-content/plugins/simple-banner/ 6 KB
2 KB 32ms
30ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/plugins/simple-banner/simple-banner.js?ver=2.17.0

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b798e798867301d04ad55df8c4b32c3a26379eebc2ce8ec3f4d1b896a4d259e7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 03 Jan 2024 06:35:38 GMT
server: cloudflare
etag: W/"6595003a-1769"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa052499139106-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 143 KB
55 KB 45ms
22ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38714717-1

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4475b3bad5f7bc80806de0259efa6c07bfb58960e5e324aee3f63a384e389691

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 55638
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 05 Apr 2024 13:52:41 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/6f5eb47e-d844-48ff-8a69-bdd05b58172b/ 16 KB
3 KB 53ms
26ms Script
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6f5eb47e-d844-48ff-8a69-bdd05b58172b/OtAutoBlock.js

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23ba89ab90e39bad03d966a8080e150db8c75187d5accccb304b2e116609cb7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 8647
content-md5: jdUdoFdP4TT1O8dqeZ1+iQ==
content-length: 3203
x-ms-lease-status: unlocked
last-modified: Wed, 08 Mar 2023 23:17:39 GMT
server: cloudflare
etag: 0x8DB202B4FD453A1
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: fa7eb3b0-201e-0028-5b58-79582b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa0524bb05973a-FRA
expires: Sat, 06 Apr 2024 13:52:41 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 46ms
20ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Pg1MHDpg+UGdovxhidM4Kg==
age: 80367
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6839
x-ms-lease-status: unlocked
last-modified: Wed, 03 Apr 2024 02:08:10 GMT
server: cloudflare
etag: 0x8DC5382E914B008
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 232c4126-401e-0001-34e1-85665f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa0524bb06973a-FRA

GET
H2 200 style-main.css
www.synack.com/wp-content/themes/synack/webroot/css/ 346 KB
48 KB 34ms
32ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/css/style-main.css?v=20231013

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5141aa2cbb1361e5852ed97c43c449fb6824bbacc196d828b33a2b4130200b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40478
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:39 GMT
server: cloudflare
etag: W/"66072b7f-56886"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa052499129106-FRA

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
849 B 73ms
25ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

492d00e4a4110b712efd91a46f205045b2f207df8bc960be6f46b0964107f7cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 05 Apr 2024 13:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:57:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 05 Apr 2024 13:52:41 GMT

GET
H3 200 v2.js Show response
js.hsforms.net/forms/ 482 KB
154 KB 53ms
33ms Script
application/javascript 2606:4700::6810:88ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 596
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=86f9f6946a787169-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Fri, 05 Apr 2024 13:52:41 GMT
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: af881015-ebb4-4b14-b994-f152e035775c
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: af881015-ebb4-4b14-b994-f152e035775c
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lQkJy5a%2FmQmePowllQg24Caj%2B0UNQqun9DCXHgz6CDss99WX2wmfeEYL7vVcPI%2BYhej5bnVOi1si74lsyo8Sw73TGBADBMA59flnp7YJN1qS1x6kPPNFOTLTQE7sK6hiQXxkT5En0smwR%2B26"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-72bsp
cf-ray: 86fa0524bfbb5d9c-FRA
x-amz-cf-id: ydg7op8QimyCe7jPb2kYouHWf5Yi6QvBfQdfwXcKUynlPPpmFzozFA==

GET
H2 200 blazy.png
www.synack.com/wp-content/themes/synack/webroot/images/ 72 B
177 B 217ms
216ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/images/blazy.png

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

662909c49c1ce344adeac34addace8b0824701d47cf5fb3fe1fcc7cd1fdb4fb5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 72
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:31:29 GMT
server: cloudflare
etag: "6559e401-48"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa052499159106-FRA
expires: Sat, 05 Apr 2025 13:52:41 GMT

GET
H2 200 image1.png
www.synack.com/wp-content/uploads/2023/11/ 11 KB
11 KB 178ms
177ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/uploads/2023/11/image1.png

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

30ea10a5f64a4cd55c2b68950d7f332ffb5818d8212963483072c6af4e000418

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 11230
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:29:48 GMT
server: cloudflare
etag: "6559e39c-2bde"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa052499149106-FRA
expires: Sat, 05 Apr 2025 13:52:41 GMT

GET
H2 200 image4-1024x278.png
www.synack.com/wp-content/uploads/2023/11/ 79 KB
79 KB 193ms
192ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/uploads/2023/11/image4-1024x278.png

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84fb64a90365d5449a01571c3b337fb103f6d5c7e853d31d1b5fc01c84ad60e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 80965
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:31:30 GMT
server: cloudflare
etag: "6559e402-13c45"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa052499179106-FRA
expires: Sat, 05 Apr 2025 13:52:41 GMT

GET
H3 200 image3-1024x288.png
www.synack.com/wp-content/uploads/2023/11/ 38 KB
39 KB 182ms
181ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/uploads/2023/11/image3-1024x288.png

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e96db4d8f3222ed4bd101dfd04e7e2e50bbd9c5f4223edd3c33e7916d652d76b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 39005
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:31:30 GMT
server: cloudflare
etag: "6559e402-985d"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa05259dd236dd-FRA
expires: Sat, 05 Apr 2025 13:52:41 GMT

GET
H3 200 image2-1024x242.png
www.synack.com/wp-content/uploads/2023/11/ 31 KB
31 KB 185ms
183ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/uploads/2023/11/image2-1024x242.png

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

98b378343b55f9354ba0063475850572221b3877696a080fb651acfac4f0e86c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 31342
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:31:30 GMT
server: cloudflare
etag: "6559e402-7a6e"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa05259dd536dd-FRA
expires: Sat, 05 Apr 2025 13:52:41 GMT

GET
H3 200 logo.svg
www.synack.com/wp-content/themes/synack/webroot/images/footer/ 4 KB
2 KB 33ms
32ms Image
image/svg+xml 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/images/footer/logo.svg

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b1ea6cd586a8e44d9387d438c1bf23a83200feea1da2f21ee8097c14e64bb33

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40478
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:39 GMT
server: cloudflare
etag: W/"66072b7f-114d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa05259de036dd-FRA

GET
H3 200 my-privacy-choices-check.webp
www.synack.com/wp-content/themes/synack/webroot/images/footer/ 738 B
1 KB 178ms
177ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/images/footer/my-privacy-choices-check.webp

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b317df5e031bd027cf564feae4589bdccf44929cea1ee7bbeb7cdd3b80ff95ed

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 738
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:39 GMT
server: cloudflare
etag: "66072b7f-2e2"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa05259de336dd-FRA
expires: Sat, 05 Apr 2025 13:52:41 GMT

GET
H3 200 additional-polyfills.js Show response
www.synack.com/wp-content/themes/synack/webroot/js/ 5 KB
2 KB 33ms
31ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/js/additional-polyfills.js?v=20231016

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e478aa5a84ca62d2450fbe0cedf13085f987dc1c3c4b30e8683701f20a4aadd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:40 GMT
server: cloudflare
etag: W/"66072b80-12f1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa05259dd636dd-FRA

GET
H3 200 manifest.js Show response
www.synack.com/wp-content/themes/synack/webroot/js/ 3 KB
2 KB 25ms
23ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/js/manifest.js?v=20231016

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2257ecae3d22c703a36089996962128138034931396b59d6ce0e302c485cd62

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:40 GMT
server: cloudflare
etag: W/"66072b80-bf7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa05259dd736dd-FRA

GET
H3 200 vendor.js Show response
www.synack.com/wp-content/themes/synack/webroot/js/ 512 KB
170 KB 59ms
57ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/js/vendor.js?v=20231016

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffa26c1e29a1439ff072c1fe246f6cb68cbdf255da969f705c7d7b91ad75d785

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:40 GMT
server: cloudflare
etag: W/"66072b80-7feb8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa05259ddc36dd-FRA

GET
H3 200 app.js Show response
www.synack.com/wp-content/themes/synack/webroot/js/ 38 KB
8 KB 29ms
28ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/js/app.js?v=20231016

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b8487412015c87df70a04ab7dd4a2b816897d483512a0cb1eab01045232385a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 40479
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 29 Mar 2024 20:58:40 GMT
server: cloudflare
etag: W/"66072b80-98d7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa05259ddd36dd-FRA

GET
H2 200 qualified.js Show response
js.qualified.com/ 656 KB
160 KB 482ms
451ms Script
text/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=wMSIsrvzp9xgEeyW

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1a0cfa63f20a139a391e848b083a09d1c2d1238f8a86df646252b7f53b122e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
via: 1.1 spaces-router (devel)
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: MISS
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 1b1fc1ca-c660-e33c-e736-fa296e33e1e5
pragma: no-cache
x-runtime: 0.034307
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"c1a0cfa63f20a139a391e848b083a09d"
x-download-options: noopen
vary: Accept,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 86fa0525cf8c2be8-FRA
expires: Fri, 05 Apr 2024 17:52:42 GMT

GET
BLOB 200
OK 04c744a8-d631-454e-83bf-43a282788f0d
https://www.synack.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.synack.com/04c744a8-d631-454e-83bf-43a282788f0d
Requested by: Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.synack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 314 KB
106 KB 57ms
35ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W82WNBG

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a6d4abb02800397ffe94ea044cc118c64a5ec96454f5289fb756be57f9301dce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108790
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Apr 2024 13:52:41 GMT

GET
H2 200 6f5eb47e-d844-48ff-8a69-bdd05b58172b.json Show response
cdn.cookielaw.org/consent/6f5eb47e-d844-48ff-8a69-bdd05b58172b/ 4 KB
2 KB 273ms
27ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6f5eb47e-d844-48ff-8a69-bdd05b58172b/6f5eb47e-d844-48ff-8a69-bdd05b58172b.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77b8595b688ffd0297d0c6a51090ba03399a8f750fee8f46e1f83919f5e0a469

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 80996
content-md5: Qh5a6/rX/4xSWyxlwxnPRA==
content-length: 1674
x-ms-lease-status: unlocked
last-modified: Wed, 08 Mar 2023 23:17:41 GMT
server: cloudflare
etag: 0x8DB202B50D2D8D3
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: bd9e5bed-c01e-0042-1f58-798003000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa05269a54bb86-FRA
expires: Sat, 06 Apr 2024 13:52:42 GMT

GET
H2 200 rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2
fonts.gstatic.com/s/dmsans/v15/ 36 KB
37 KB 33ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

258f9f1b553bb57419619f41d3b1445226c7bc63d2a3409efef4a68426709e94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.synack.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 03:50:54 GMT
x-content-type-options: nosniff
age: 554507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36848
x-xss-protection: 0
last-modified: Thu, 21 Mar 2024 23:58:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Mar 2025 03:50:54 GMT

GET
H3 200 footer-shape.jpg
www.synack.com/wp-content/themes/synack/webroot/images/footer/ 5 KB
5 KB 208ms
208ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/themes/synack/webroot/images/footer/footer-shape.jpg

Requested by

Host: www.synack.com
URL: https://www.synack.com/wp-content/themes/synack/webroot/css/style-main.css?v=20231013

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d2bcb574a8847ce3950feafa475c5de4d780c2321d5ec7894880f348008d0c9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 4852
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:31:29 GMT
server: cloudflare
etag: "6559e401-12f4"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa0525adfa36dd-FRA
expires: Sat, 05 Apr 2025 13:52:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 289 KB
97 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XVS579G3KG&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38714717-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6ebd283ee1fbc487540ac0cd48ddf2dd7e2de1dd55ce5370d07e51802a6c8739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99037
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 05 Apr 2024 13:52:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 295 KB
98 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-9891KWEZPK&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38714717-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d9f67f858cbe424dde363c19ff171e2fa726cdb3f4b3db6aed8bd10b927bfc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99879
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 05 Apr 2024 13:52:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 41ms
20ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38714717-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 05 Apr 2024 13:48:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 273
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 05 Apr 2024 15:48:08 GMT

GET
H3 200 synack-exploits-explained-blog-series-image-no-text-1.jpg
www.synack.com/wp-content/uploads/2023/08/ 41 KB
42 KB 473ms
473ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.synack.com/wp-content/uploads/2023/08/synack-exploits-explained-blog-series-image-no-text-1.jpg

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7201917115970516a7e57ffba7ab11365db21791d25b94f1162dfd734c03f82

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 42260
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:29:50 GMT
server: cloudflare
etag: "6559e39e-a514"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa0526cf6d36dd-FRA
expires: Sat, 05 Apr 2025 13:52:42 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
18 KB 43ms
7ms Script
application/javascript 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 19:00:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65d799d9-101dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17693
expires: Fri, 05 Apr 2024 13:52:42 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 33ms
7ms Script
application/javascript 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W82WNBG

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Mar 2024 16:03:53 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=67370
accept-ranges: bytes
content-length: 17224

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 208 KB
76 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-AW-952412761&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W82WNBG

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d5c4307e64f66307e22903a34225f10fe515a5485a40b9c0913ce0d19708c522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77492
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Apr 2024 13:52:42 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 258 KB
87 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-952412761&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W82WNBG

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

513b259371f3cad0d46e7d320096d891f0ef121e8f2ffcc2360f676929e30b0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89470
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Apr 2024 13:52:42 GMT

GET
H2 200 22524429.js Show response
js.hs-scripts.com/ 2 KB
1 KB 149ms
125ms Script
application/javascript 2606:4700::6810:89d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22524429.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W82WNBG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:89d1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

350b5754b0f3a7606a9135bff632260c3abe8a139c8971ac871a9d57602f6a27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 274354b6-46b8-4190-85e1-f873c2af57e3
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 274354b6-46b8-4190-85e1-f873c2af57e3
last-modified: Fri, 05 Apr 2024 13:21:58 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.synack.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-697677dfc-jx4fw
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 86fa052709b90493-FRA
expires: Fri, 05 Apr 2024 13:54:12 GMT

GET
H3 200 wp-emoji-release.min.js Show response
www.synack.com/wp-includes/js/ 18 KB
5 KB 40ms
40ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: HIT
age: 38269
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 13 Feb 2024 14:36:07 GMT
server: cloudflare
etag: W/"65cb7e57-4926"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
cf-ray: 86fa0526ef8c36dd-FRA

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 35ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-9891KWEZPK&gtm=45je4430v892239364za200&_p=1712325161745&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=108040214.1712325162&ul=en-us&pscdl=noapi&_eu=AAAI&_geo=1&_rdi=1&_s=1&sid=1712325162&sct=1&seg=0&dl=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&dt=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=674
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9891KWEZPK&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.synack.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 19ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XVS579G3KG&gtm=45je4430v870611089za200&_p=1712325161745&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=108040214.1712325162&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1712325162&sct=1&seg=0&dl=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&dt=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&en=page_view&_fv=1&_ss=1&tfd=692
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XVS579G3KG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.synack.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 52ms
17ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-XVS579G3KG&cid=108040214.1712325162&gtm=45je4430v870611089za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XVS579G3KG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.synack.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 47ms
30ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-XVS579G3KG&cid=108040214.1712325162&gtm=45je4430v870611089za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1730367525

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
303 B 66ms
42ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 86fa052758f23a61-FRA
access-control-allow-headers: Content-Type

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
207 B 25ms
25ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=723537257&t=pageview&_s=1&dl=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&ul=en-us&de=UTF-8&dt=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=YADAAUABAAAAACAAI~&jid=1388373762&gjid=815675539&cid=108040214.1712325162&tid=UA-38714717-1&_gid=2086583903.1712325162&_r=1&gtm=457e4430za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&jsscut=1&npa=1&z=1195883294

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.synack.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 15ms
7ms XHR
text/html 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.synack.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 35 B
334 B 60ms
8ms XHR
text/html 2a02:26f0:480:22::1726:62ed
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:22::1726:62ed Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 1ce0fdd730b84d3e08b95186a68a91a517fb9b7634c0ccdd78cdd613242ae28a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.synack.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a02:6ea0:c71b:0:1011:ae2a:a838:47b
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1712325162181_389993773_46701290_29_996_6_14_219";dur=1
content-length: 35
expires: Fri, 05 Apr 2024 13:52:42 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 225ms
214ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A42%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 226ms
215ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2013%3A52%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%225ae522a995af66cfd213a9411fe4ce6a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2013%3A52%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2013%3A52%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%223156112d8b24b403404bd4c79d487f3a73029c0a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2013%3A52%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2013%3A52%3A42%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-ope...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-ope...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D947010%26time%3D1712325162144%26li_adsId%3Db948ad50-8fa4-4059-818e-8f5cfbbcbceb%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-ope...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-op...

0
481 B

208ms
156ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&cookiesTest=true&liSync=true&e_ipv6=AQIr6PG_BqibFQAAAY6uiHcHJqZbn1k9aa2SRYf0FAXmYRCDATAJ3Pzav1PreszKHT6u14RiKK4C8dmW7kuMy2fzoxUt
Requested by: Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.synack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6397B9EB59F94D5798E0B07FD5268C70 Ref B: FRAEDGE1513 Ref C: 2024-04-05T13:52:42Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-ltx1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVWcUUEO5XC/YCfBwOrA==

Redirect headers

date: Fri, 05 Apr 2024 13:52:42 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 471A48FB4AFC40BFB0F3BDA2273B9E65 Ref B: FRAEDGE1416 Ref C: 2024-04-05T13:52:42Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=947010&time=1712325162144&li_adsId=b948ad50-8fa4-4059-818e-8f5cfbbcbceb&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&cookiesTest=true&liSync=true&e_ipv6=AQIr6PG_BqibFQAAAY6uiHcHJqZbn1k9aa2SRYf0FAXmYRCDATAJ3Pzav1PreszKHT6u14RiKK4C8dmW7kuMy2fzoxUt
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVWcUQ0odnAZ0NxWBCjw==

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/952412761/ 3 KB
2 KB 54ms
25ms Script
text/javascript 216.58.206.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/952412761/?random=1712325162160&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=800&u_h=600&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&label=-EdECKePxfkBENnUksYD&hn=www.googleadservices.com&frm=0&tiba=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&value=0&bttype=purchase&npa=1&pscdl=noapi&auid=1474831889.1712325162&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-952412761&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

7a37f2e482f8fccce98af30985bac359ac7ff4925fd6f3dd411e1581da0ae976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1686
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 17ms
17ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-38714717-1&cid=108040214.1712325162&jid=1388373762&gjid=815675539&_gid=2086583903.1712325162&npa=1&_u=YADAAUAAAAAAACAAI~&z=1937245217

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.synack.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/ 383 KB
92 KB 38ms
37ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
age: 76172
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93482
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
server: cloudflare
etag: 0x8DADC66BDFA5EC7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a5ea234d-301e-0069-6d88-1700cf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa0527bfed973a-FRA

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 46ms
31ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-38714717-1&cid=108040214.1712325162&jid=1388373762&npa=1&_u=YADAAUAAAAAAACAAI~&z=67399312

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 33ms
32ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-38714717-1&cid=108040214.1712325162&jid=1388373762&npa=1&_u=YADAAUAAAAAAACAAI~&z=67399312

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 199ms
199ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=ipv6&q=%7B%22address%22%3A%222a02%3A6ea0%3Ac71b%3A0%3A1011%3Aae2a%3Aa838%3A47b%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 22524429.js Show response
js.hs-analytics.net/analytics/1712325000000/ 70 KB
22 KB 443ms
422ms Script
text/javascript 2606:4700::6810:4fba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1712325000000/22524429.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22524429.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4fba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5fb9810b0e76fe584a486be977afc9074b1995e52c792f92bacdbd19cbba1f5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 05JHP8NY48PTB1C8
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 5ea77019-52cf-4a9a-8ce2-1ee1fd5ea0e5
x-envoy-upstream-service-time: 20
x-amz-id-2: FYXSlJFI6nUjM0qeLt8HMtS2c5vDiK1VfRVSndEdhJCfB0bT+q8CN+93DuYx3BhAwvpSeDFnMVq+UTJg1aUUQA==
x-evy-trace-listener: listener_https
x-request-id: 5ea77019-52cf-4a9a-8ce2-1ee1fd5ea0e5
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Apr 2024 16:24:17 GMT
server: cloudflare
etag: W/"ff0fcf2532578a213277d84dca9b3f6b"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-snf7h
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 86fa0527ee343660-FRA
expires: Fri, 05 Apr 2024 13:57:42 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 154ms
122ms Script
application/javascript 2606:4700::6810:6dfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22524429.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
Origin: https://www.synack.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.487/bundles/project.js&cfRay=86fa05280d193645-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d1b5d702ce4c8385e7f9e088139af398"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.487/bundles/project.js
date: Fri, 05 Apr 2024 13:52:42 GMT
x-amz-version-id: TBuW8j2Zg4wDwUJfaxQJP8dPtvRalswh
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: c97422fe-862b-48bf-9d69-5e4c93b1c3b3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-request-id: c97422fe-862b-48bf-9d69-5e4c93b1c3b3
last-modified: Thu, 28 Mar 2024 11:43:17 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-bsp24
cf-ray: 86fa05280d193645-FRA
x-amz-cf-id: YiL5kj05U7hlD8bz_b1zjFYOomhYtYlJiNa2nHqGWtf2rBUmnIkKcw==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 138ms
117ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22524429.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
Origin: https://www.synack.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.995/bundles/project.js&cfRay=86fa0527fb39901e-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d838571cd390adf273ef11f2c93c66a2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.995/bundles/project.js
date: Fri, 05 Apr 2024 13:52:42 GMT
x-amz-version-id: e6CBI7TNV0080vUb0QC9_Ce844NXultr
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 2c950841-89be-4bca-896b-f1175334017e
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2c950841-89be-4bca-896b-f1175334017e
last-modified: Wed, 20 Mar 2024 13:03:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RNSbfQdrvr0tpwxsfqiymbdhtquL25ZBkMket8mrM3N52D5ePjcgdkN32PL7k8xu7%2FEMbvgXArg8kq86JbJziSg56lqHAlMQyso4FDV9MoCoIER10XW%2BNPSAi0d7cgEmT0ejvbiAbkdyftd"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-kgjsm
cf-ray: 86fa0527fb39901e-FRA
x-amz-cf-id: Y8JK7hDyRdbI6xoOLaSRAV5vRWfl4V-W8URlX-I3lwSQuUSGxf79Ng==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 36ms
15ms Script
application/javascript 2606:4700::6811:e4a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22524429.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e4a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
x-amz-version-id: NPmBAW9YLDyQDhAGPmBdyF1DJfeS0dQT
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 341
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.546/bundles/pixels-release.js&cfRay=86f9fcd3bbb53a8c-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 863c4a43-0467-4b4a-8ecd-1b1600285a90
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 863c4a43-0467-4b4a-8ecd-1b1600285a90
last-modified: Thu, 04 Apr 2024 13:54:33 UTC
server: cloudflare
etag: W/"437693b047b4419d0e2549e3f640e3c1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-275zq
cf-ray: 86fa0528099f71d7-FRA
x-amz-cf-id: OyONwwvdF9DJ431IRROc3ONQZ2uCMyGZZnoMlDJXg-8WH-xya13XJg==
x-hs-target-asset: adsscriptloaderstatic/static-1.546/bundles/pixels-release.js

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/22524429/ 70 KB
23 KB 141ms
123ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/22524429/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22524429.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 036fe1ed52374c48577f8df417efe0987385963ded0b95e2b4dbfc39628cb2ba

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
x-amz-version-id: Ee5CgdHysadPE1bCnESFX9Fvxvk1.lnb
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 3DZD79V9D04XJC1X
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 51b390a8-0f69-4832-8209-403ab160d0af
x-envoy-upstream-service-time: 163
x-amz-id-2: FSCZfgsI+eBlyZQfHGYLN3+kM1h1kpOGlbPCHYPFfe0m7cq1FS6ktb0ZvPz8jyA+P4qSqmfKTruNzwG/w6GrRTBLva8OZp6s
x-evy-trace-listener: listener_https
x-request-id: 51b390a8-0f69-4832-8209-403ab160d0af
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 06 Mar 2024 17:56:18 GMT
server: cloudflare
etag: W/"d8bd58f81eb88b8159af128438ee6ed0"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.synack.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-hgmm2
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 86fa05281c922bc2-FRA
expires: Fri, 05 Apr 2024 13:57:42 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/952412761/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&...
https://www.google.com/pagead/1p-conversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&...
https://www.google.de/pagead/1p-conversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u...

42 B
64 B

22ms
22ms

Image
image/gif

2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=800&u_h=600&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&label=-EdECKePxfkBENnUksYD&hn=www.googleadservices.com&frm=0&tiba=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&value=0&npa=1&pscdl=noapi&auid=1474831889.1712325162&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIr9ShqJyrhQMVvisGAB00_AukMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6F2h0dHBzOi8vd3d3LnN5bmFjay5jb20v&is_vtc=1&cid=CAQSGwB7FLtq5DGRlr1Ds7I44LEvPds_aAiPBkaTfA&eitems=ChEI8MK-sAYQ8a6vqOjYpOKJARIdAPW8BiLNPwIS8Xyou945UQvvPG0wloxBcwW_pO8&random=1573081997&ipr=y

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.synack.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/952412761/?random=1082761589&cv=11&fst=1712325162160&bg=ffffff&guid=ON&async=1&gtm=45be4430v888931320z876206402za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&u_w=800&u_h=600&url=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&label=-EdECKePxfkBENnUksYD&hn=www.googleadservices.com&frm=0&tiba=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&value=0&npa=1&pscdl=noapi&auid=1474831889.1712325162&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=SA&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIr9ShqJyrhQMVvisGAB00_AukMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6F2h0dHBzOi8vd3d3LnN5bmFjay5jb20v&is_vtc=1&cid=CAQSGwB7FLtq5DGRlr1Ds7I44LEvPds_aAiPBkaTfA&eitems=ChEI8MK-sAYQ8a6vqOjYpOKJARIdAPW8BiLNPwIS8Xyou945UQvvPG0wloxBcwW_pO8&random=1573081997&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6f5eb47e-d844-48ff-8a69-bdd05b58172b/8ee75b19-1eba-4407-9a2a-891f6c01dc29/ 71 KB
15 KB 27ms
27ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6f5eb47e-d844-48ff-8a69-bdd05b58172b/8ee75b19-1eba-4407-9a2a-891f6c01dc29/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8a9fe9b6fcab17a668d6c07d6addc7c44b8083ad9e7044da40a02c638f38cdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 29065
content-md5: 7GPw+4qx6D3ZwY7rherWUw==
content-length: 15462
x-ms-lease-status: unlocked
last-modified: Wed, 08 Mar 2023 23:17:50 GMT
server: cloudflare
etag: 0x8DB202B563EE3F4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2458da9d-401e-0097-345b-236f8e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa0527fc00bb86-FRA
expires: Sat, 06 Apr 2024 13:52:42 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 13 KB
3 KB 20ms
20ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vO8A/abKpoPacUrvSk9OSw==
age: 60390
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
server: cloudflare
etag: 0x8DADC66B7AF38D0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 09996545-401e-0087-3373-22aae6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa05283c43bb86-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/ 61 KB
12 KB 21ms
21ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: mBGnk7IXt0USbYmXZQhmOw==
age: 60390
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:37 GMT
server: cloudflare
etag: 0x8DADC66B90C98A8
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9d180ff3-501e-0032-5709-7c39f4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa05283c44bb86-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 5 KB
2 KB 24ms
24ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: c4ZDUEm/Y1hew9zmVZ7hPg==
age: 60390
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:37 GMT
server: cloudflare
etag: 0x8DADC66B8C428D7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 7e36abf0-c01e-00a6-62e9-5d8e9d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa05283c45bb86-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.2.0/assets/ 21 KB
4 KB 22ms
22ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 6195
x-ms-lease-status: unlocked
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 58a262f8-b01e-0058-52b0-0be1dc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 86fa05283c46bb86-FRA

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 745 B
719 B 33ms
13ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 4160094e8e7a55a3dd60c62de930a81375ddce09c11dc6d7b28332da6dbbdf14

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 3156112d8b24b403404bd4c79d487f3a73029c0a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 5ae522a995af66cfd213a9411fe4ce6a
Referer: https://www.synack.com/
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 8606125720748592643
date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.synack.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 399

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 44ms
10ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.synack.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.synack.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Fri, 05 Apr 2024 13:52:42 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 7687285711720044149

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
595 B 21ms
21ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 80367
x-ms-lease-status: unlocked
last-modified: Wed, 03 Apr 2024 19:51:44 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 60ea6615-d01e-0061-573f-861ac0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 86fa05287907973a-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 26ms
25ms Fetch
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 60386
x-ms-lease-status: unlocked
last-modified: Wed, 03 Apr 2024 19:51:44 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 24f57902-d01e-004e-3350-86170b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 86fa05287c83bb86-FRA

GET
H2 200 ot_company_logo.png
cdn.cookielaw.org/logos/static/ 4 KB
4 KB 20ms
20ms Image
image/png 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_company_logo.png

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: E8+sk/ECzKgTUVtDLikiIA==
age: 80367
content-length: 4036
x-ms-lease-status: unlocked
last-modified: Wed, 03 Apr 2024 19:51:45 GMT
server: cloudflare
etag: 0x8DC54177DC00455
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 6597cd96-501e-009b-503f-86f886000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86fa05289926973a-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 21ms
21ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 48927
x-ms-lease-status: unlocked
last-modified: Thu, 04 Apr 2024 06:34:37 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 8071eade-d01e-0061-3dc3-861ac0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 86fa05289927973a-FRA

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 433 B
1 KB 144ms
134ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=22524429&currentUrl=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 206a8ca2-ac68-4b26-9ad2-a52e88eba5d0
content-encoding: br
x-envoy-upstream-service-time: 19
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 206a8ca2-ac68-4b26-9ad2-a52e88eba5d0
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.synack.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GZdmiCNIn956CJpzEO0t0F7eDl2ck47tTWcLQ6hSnWsfzSr2CVm1sH18vVSaJ%2B6ZNNruooZf%2B9RiQltu3P5F0QNsSYjaDtPu%2Bmu3HXm6tXDRZL%2Fyk1%2B%2BjztcdTJvAeWCvD7cQ0Z3Ey8YE5YvKnhhScqWVAjcXARi5lI%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 86fa0528dbe8901e-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-srbbm

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 116 B
411 B 125ms
116ms XHR
application/json 2606:4700::6810:6dfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=22524429&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1af778a0181dc20299c12f8fd8435335589a6770fb7b7f86a1aba7664115996e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9e482e2c-4742-483e-ba27-25fd8ae8d57f
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9e482e2c-4742-483e-ba27-25fd8ae8d57f
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.synack.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-6zsl2
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 86fa0528fe193645-FRA

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 582 B
1 KB 196ms
170ms XHR
application/json 2606:4700::6812:f36c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=22524429

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b843360245d1ceed64607f277e3226acedebbc2f0343dc05da00fb44dd428e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3b2d4ffe-2206-4354-9b74-cceb4e5ed720
content-encoding: br
x-envoy-upstream-service-time: 44
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3b2d4ffe-2206-4354-9b74-cceb4e5ed720
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.synack.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-697677dfc-spwfg
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ay27cWmkbo1V6v96X4WDaIdXbITB6X5GpgZsIznDP4KatIeJQSYx0%2BvWwCOI8m7zFwdU8rIf070JkpIh5cD0rT87HBxmSv04rmRK7ogDsuPuMqKi7HnPaPCLM3vNHeG7ENcOuHnGDCwu6K09"}],"group":"cf-nel","max_age":604800}
cf-ray: 86fa05291a653804-FRA
access-control-allow-headers: *

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
926 B 246ms
186ms Image
image/gif 2606:4700::6811:cff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 695eb3cb-cef0-4b7e-950a-2a934f921313
x-envoy-upstream-service-time: 56
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 695eb3cb-cef0-4b7e-950a-2a934f921313
last-modified: Fri, 05 Apr 2024 13:52:42 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-srbbm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 86fa052a1fcf4d7c-FRA

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
883 B 219ms
160ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.synack.com
URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 59f1d180-e474-49d3-87bc-edca1958ae34
x-envoy-upstream-service-time: 15
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 59f1d180-e474-49d3-87bc-edca1958ae34
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-vfbrb
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 86fa052a1f7e5d94-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 258 KB
87 KB 28ms
27ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-952412761

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

05d94fb7e411b7e8826b6dd7b8287cd5c8aee64258c4c945db12122097aa866f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89380
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Apr 2024 13:52:42 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 258 KB
87 KB 34ms
34ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-952412761&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38714717-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

731e2d6d3ee6aa19891b718cdf1f008cb77201780bf39d9eb85aaaa19637e9fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89386
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Apr 2024 13:52:42 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 156ms
156ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.synack.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:42 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CF2A92B8E2124133B90818D3829D0D60 Ref B: FRAEDGE1416 Ref C: 2024-04-05T13:52:42Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
access-control-allow-origin: https://www.synack.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYVWcUPaqa9hyBXYw5FxA==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 161ms
137ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=800x600&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2604799944&v=1.1&a=22524429&rcu=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pu=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&t=Exploits+Explained%3A+Attacking+Open+Internet+Proxy+Servers+%7C+Blog+%7C+Synack&cts=1712325163054&vi=3ea8c7aea62e4d69efc21b3d2d713908&nc=true&u=224438085.3ea8c7aea62e4d69efc21b3d2d713908.1712325163052.1712325163052.1712325163052.1&b=224438085.1.1712325163052&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 588d3045-5fe3-42ea-9773-6f5e5d5d2154
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 14
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 588d3045-5fe3-42ea-9773-6f5e5d5d2154
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=De1YNEJqpnI9SmnC6S0xKyxx4CdQ%2BwWMJHrxJ4R4mdozHiIIccr4YK08vJebmkikZ5ypwf2LgMUHEa%2B3%2FGi%2BkpQp5Og6lOzgRZv5ScfJ9JPbpiXoMB6r8d7IGJ0X8yu44J%2FObqeiUieRH290mLeG"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-j86rb
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 86fa052d4e432c51-FRA
x-robots-tag: none

GET
H3 200 favicon-150x150.webp
www.synack.com/wp-content/uploads/2023/07/ 3 KB
4 KB 190ms
190ms Other
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.synack.com/wp-content/uploads/2023/07/favicon-150x150.webp

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

62b923702c6d24624ee9cf74c73488d1c4ba68649d9cce6a63b91e5bccd29a16

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:43 GMT
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=63072000
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 3182
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sun, 19 Nov 2023 10:31:31 GMT
server: cloudflare
etag: "6559e403-c6e"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31536000, private
permissions-policy: feature-policy: autoplay 'self'; camera 'none'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; xr-spatial-tracking 'none';
accept-ranges: bytes
cf-ray: 86fa052d1f4036dd-FRA
expires: Sat, 05 Apr 2025 13:52:43 GMT

GET
H/1.1 200
OK messenger
app.qualified.com/w/1/wMSIsrvzp9xgEeyW/ Frame F2DE 0
0 325ms
118ms Document
text/html 54.197.89.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/wMSIsrvzp9xgEeyW/messenger?uuid=33efed8b-a314-4426-b4b5-ae913633e619

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=wMSIsrvzp9xgEeyW

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.197.89.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-89-129.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.synack.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Length: 1858
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Fri, 05 Apr 2024 13:52:43 GMT
Etag: W/"d76afcacd6c467e4a7d47194a7135809"
Link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (devel)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: b4b10b6c-711c-5997-eafd-ba2c313da7ad
X-Runtime: 0.026968
X-Xss-Protection: 1; mode=block

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 204ms
204ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A42%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:43 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 205ms
204ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A43%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:44 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 200ms
200ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A44%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 200ms
200ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A45%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 13:52:46 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XVS579G3KG&gtm=45je4430v870611089z876206402za200&_p=1712325161745&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=108040214.1712325162&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=AAAK&_s=2&sid=1712325162&sct=1&seg=1&dl=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&dt=Exploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack&en=page_view&ep.allowLinker=true&_et=1&tfd=5696
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XVS579G3KG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.synack.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 13:52:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.synack.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=5ae522a995af66cfd213a9411fe4ce6a&svisitor=null&visitor=87d6d452-e916-4a83-8e8f-7951547c3703&session=ed09aa0f-be4d-4ed9-84fe-908a137877a4&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2013%3A52%3A46%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Nicolas%20Krassas%20is%20a%20member%20of%20the%20Synack%20Red%20Team%20and%20has%20earned%20distinctions%20such%20as%20SRT%20Envoy%20and%20Guardian%20of%20Trust.%20A%20few%20days%20back%2C%20there%20was%20a%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22%5Cn%5Ct%5CtExploits%20Explained%3A%20Attacking%20Open%20Internet%20Proxy%20Servers%20%7C%20Blog%20%7C%20Synack%5Ct%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&pageViewId=cca9564d-5281-4be3-8e95-c1dc28405846&v=1.1.15

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.synack.com/	1970-01-20 19:38:46	Name: __cf_bm Value: y.PwQkPCQ0U9sjZR.kBiRkYq2jpZpyBNzHm.5eEkvZs-1712325161-1.0.1.1-IMEyhZ0POahXvmzwH20DUTyVdhc0u9Y_R66_NsnoJ.bzxbmL3kz4lTA3Nhk3tbXwqG6Qfybj.nVTXz_nyl7Dcg
.hsforms.net/	1970-01-20 19:38:46	Name: __cf_bm Value: kWfRt5HZzeOOBIwzwN3kp719PqbxNGAXksoAddNDtKI-1712325161-1.0.1.1-Uh6KhNQlpZpVWO9.2yJwWnI6D7DBc3e09eXa3iIPFovrULNzZ3L_Zn59bIa4wTjQKMvD9YyFp1DqR7nuukWMww
.synack.com/	1970-01-20 21:48:21	Name: _gcl_au Value: 1.1.1474831889.1712325162
.synack.com/	1970-01-21 05:14:45	Name: _ga_XVS579G3KG Value: GS1.1.1712325162.1.1.1712325162.60.0.0
.synack.com/	1970-01-21 05:14:45	Name: _ga Value: GA1.2.108040214.1712325162
.synack.com/	1970-01-20 19:40:11	Name: _gid Value: GA1.2.2086583903.1712325162
.synack.com/	1970-01-20 19:38:45	Name: _gat_gtag_UA_38714717_1 Value: 1
.synack.com/	1969-12-31 23:59:59	Name: pageView Value: 1
.synack.com/	1969-12-31 23:59:59	Name: visited Value: true
.synack.com/	1969-12-31 23:59:59	Name: syn Value: {"firsttouch":{"LeadSource":"none","LeadMedium":"none","LeadType":"none","LeadName":"none","LeadCampaign":"none","Referrer":"Direct","LandingPage":"https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/"},"Journey":{"PageviewCount":"1"}}
www.synack.com/	1970-01-21 05:14:45	Name: _gd_visitor Value: 87d6d452-e916-4a83-8e8f-7951547c3703
www.synack.com/	1970-01-20 19:38:59	Name: _gd_session Value: ed09aa0f-be4d-4ed9-84fe-908a137877a4
.doubleclick.net/	1970-01-20 19:38:46	Name: test_cookie Value: CheckForPermission
.synack.com/	1970-01-21 04:24:21	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Apr+05+2024+15%3A52%3A42+GMT%2B0200+(Central+European+Summer+Time)&version=202211.2.0&isIABGlobal=false&hosts=&consentId=ab7386a0-5fea-45b8-871c-b32fdf7b7f31&interactionCount=0&landingPath=https%3A%2F%2Fwww.synack.com%2Fblog%2Fexploits-explained-attacking-open-internet-proxy-servers%2F&groups=C0002%3A0%2CC0003%3A0%2CC0005%3A0%2CC0004%3A0%2CC0001%3A1
.linkedin.com/	1970-01-20 21:48:21	Name: li_sugr Value: 05573d8c-ff32-4645-a8f9-0df6fc29e35e
.linkedin.com/	1970-01-21 04:24:21	Name: bcookie Value: "v=2&81549e98-5dca-4544-833c-a2f79aec4cef"
.linkedin.com/	1970-01-20 19:40:11	Name: lidc Value: "b=TGST04:s=T:r=T:a=T:p=T:g=3160:u=1:x=1:i=1712325162:t=1712411562:v=2:sig=AQEMo7lYEh621DkDZ0dly3rd5jeIbqOE"
.synack.com/	1970-01-21 05:14:45	Name: _ga_9891KWEZPK Value: GS1.1.1712325162.1.0.1712325162.0.0.0
.6sc.co/	1970-01-21 05:14:45	Name: 6suuid Value: aad01702fca100002a0210668d01000071c27200
.linkedin.com/	1970-01-20 20:21:57	Name: UserMatchHistory Value: AQJgRIoZmPuC8AAAAY6uiHWw6kQ4mJ_sOK1NV8gfr5O00dCofH_yLNXDCSGqxrkjqTpceScqOAoGbQ
.linkedin.com/	1970-01-20 20:21:57	Name: AnalyticsSyncHistory Value: AQLHrFIG2iq9ugAAAY6uiHWwvLCAanPzKQADQFGIsx_Z7jfhEKbXbqD_7hv6HpAn9AF6_gavnAEM58m4v-KSxA
.www.linkedin.com/	1970-01-21 04:24:21	Name: bscookie Value: "v=1&2024040513524223ed9079-23e0-430e-8324-0cac738389f7AQHm8SWR6c24WbZmPwA61b9s09i5a4lN"
.linkedin.com/	1970-01-20 23:57:57	Name: li_gc Value: MTswOzE3MTIzMjUxNjI7MjswMjF09Y4c6q29tprPVuNSyqA9yscAT8xHBubWrY/L8YGSTw==
.hsforms.com/	1970-01-20 19:38:46	Name: __cf_bm Value: 5HwVCJbvcCKV459iYtm6l8LHi35yc1CIewo9_gmQjMA-1712325162-1.0.1.1-ctqwftiPw3HNvmz_HV4wuYuaT_XrHwI7pjEXvQ5djEMmEPpGe.UkATGBJ0icurwxdtTyCCbzyQnfjkCTHt2rTQ
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: L5nEpfpcFLxxfEZLNk5DIdsdVbNrw4Iz1TbJYHAJJis-1712325162750-0.0.1.1-604800000
.synack.com/	1970-01-20 23:57:57	Name: __hstc Value: 224438085.3ea8c7aea62e4d69efc21b3d2d713908.1712325163052.1712325163052.1712325163052.1
.synack.com/	1970-01-20 23:57:57	Name: hubspotutk Value: 3ea8c7aea62e4d69efc21b3d2d713908
.synack.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.synack.com/	1970-01-20 19:38:46	Name: __hssc Value: 224438085.1.1712325163052
.hubspot.com/	1970-01-20 19:38:46	Name: __cf_bm Value: GOxOxJAKl948UBT06GGxEZhL1oX1VLaam75ogrIUtQk-1712325163-1.0.1.1-m7rCIKL_c3O4diT8NNDAByA7lLJw8tiBUgwhMppApEWrtntnCRELqI2I4MZPTqTb70r_vLIdPdUO0MIoyZ3Amw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: B_PKgFatou8pdyQ7EuP0YLuObYRoxr.lmDmPVCt1nEU-1712325163211-0.0.1.1-604800000
.synack.com/	1970-01-21 05:14:45	Name: __q_state_wMSIsrvzp9xgEeyW Value: eyJ1dWlkIjoiMzNlZmVkOGItYTMxNC00NDI2LWI0YjUtYWU5MTM2MzNlNjE5IiwiY29va2llRG9tYWluIjoic3luYWNrLmNvbSIsIm1lc3NlbmdlckV4cGFuZGVkIjpmYWxzZSwicHJvbXB0RGlzbWlzc2VkIjpmYWxzZSwiY29udmVyc2F0aW9uSWQiOiIxMzY4NTY1MDYxODUzOTQ2MDgxIn0=

65 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
security	error	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
worker	error	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
security	error	URL: https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js(Line 6) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://js.hscollectedforms.net/collectedforms.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
security	error	URL: https://js.hscollectedforms.net/collectedforms.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://js.qualified.com/qualified.js?token=wMSIsrvzp9xgEeyW(Line 2) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
security	error	URL: https://js.qualified.com/qualified.js?token=wMSIsrvzp9xgEeyW(Line 2) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.saleshood.com'
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.synack.com/blog/exploits-explained-attacking-open-internet-proxy-servers/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' .saleshood.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
app.qualified.com
b.6sc.co
c.6sc.co
cdn.cookielaw.org
cta-service-cms2.hubspot.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.hubspot.com
js.qualified.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
snap.licdn.com
stats.g.doubleclick.net
track.hubspot.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.synack.com
b.6sc.co
13.107.42.14
141.193.213.20
2001:4860:4802:34::36
216.58.206.66
2606:4700:4400::6812:2089
2606:4700:4400::6812:22e5
2606:4700::6810:4fba
2606:4700::6810:6dfe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:88ce
2606:4700::6810:89d1
2606:4700::6811:cff9
2606:4700::6811:e4a3
2606:4700::6812:1005
2606:4700::6812:a07d
2606:4700::6812:f36c
2606:4700::6813:b134
2620:1ec:21::14
2a00:1450:4001:800::2003
2a00:1450:4001:803::200e
2a00:1450:4001:812::2004
2a00:1450:4001:827::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9d
2a02:26f0:3500:16::215:1484
2a02:26f0:480:22::1726:62ed
54.197.89.129
76.223.9.105
95.101.111.170
036fe1ed52374c48577f8df417efe0987385963ded0b95e2b4dbfc39628cb2ba
05d94fb7e411b7e8826b6dd7b8287cd5c8aee64258c4c945db12122097aa866f
0d9f67f858cbe424dde363c19ff171e2fa726cdb3f4b3db6aed8bd10b927bfc5
1af778a0181dc20299c12f8fd8435335589a6770fb7b7f86a1aba7664115996e
1ce0fdd730b84d3e08b95186a68a91a517fb9b7634c0ccdd78cdd613242ae28a
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
23ba89ab90e39bad03d966a8080e150db8c75187d5accccb304b2e116609cb7b
258f9f1b553bb57419619f41d3b1445226c7bc63d2a3409efef4a68426709e94
295b869eb6cfce0d672811c7fd9fbe616272dabcacd6dbe50543af7ac3b8da1d
2b840ccb15d3d1e2aba4b223ea4b89b7ea234376d5968508083177671f23ecd0
30ea10a5f64a4cd55c2b68950d7f332ffb5818d8212963483072c6af4e000418
350b5754b0f3a7606a9135bff632260c3abe8a139c8971ac871a9d57602f6a27
3b1ea6cd586a8e44d9387d438c1bf23a83200feea1da2f21ee8097c14e64bb33
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
4160094e8e7a55a3dd60c62de930a81375ddce09c11dc6d7b28332da6dbbdf14
4475b3bad5f7bc80806de0259efa6c07bfb58960e5e324aee3f63a384e389691
492d00e4a4110b712efd91a46f205045b2f207df8bc960be6f46b0964107f7cd
49582965b8ddcb8f728f5b4d33b2c73e138690f5c6815bd9918de94f62f4b80b
4d2bcb574a8847ce3950feafa475c5de4d780c2321d5ec7894880f348008d0c9
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
513b259371f3cad0d46e7d320096d891f0ef121e8f2ffcc2360f676929e30b0e
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5e478aa5a84ca62d2450fbe0cedf13085f987dc1c3c4b30e8683701f20a4aadd
5e52d2896e4826b8b2cc58b53db6c3e4aaea762a718e2a1375b275ff78285060
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62b923702c6d24624ee9cf74c73488d1c4ba68649d9cce6a63b91e5bccd29a16
65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c
662909c49c1ce344adeac34addace8b0824701d47cf5fb3fe1fcc7cd1fdb4fb5
66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ebd283ee1fbc487540ac0cd48ddf2dd7e2de1dd55ce5370d07e51802a6c8739
731e2d6d3ee6aa19891b718cdf1f008cb77201780bf39d9eb85aaaa19637e9fc
77b8595b688ffd0297d0c6a51090ba03399a8f750fee8f46e1f83919f5e0a469
7a37f2e482f8fccce98af30985bac359ac7ff4925fd6f3dd411e1581da0ae976
7b8487412015c87df70a04ab7dd4a2b816897d483512a0cb1eab01045232385a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
98b378343b55f9354ba0063475850572221b3877696a080fb651acfac4f0e86c
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a0de3c69d9a8372223f5b1b27d3d43a4c3bb2044bc8398fb31a4a1a706f98451
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e
a5141aa2cbb1361e5852ed97c43c449fb6824bbacc196d828b33a2b4130200b2
a6d4abb02800397ffe94ea044cc118c64a5ec96454f5289fb756be57f9301dce
b317df5e031bd027cf564feae4589bdccf44929cea1ee7bbeb7cdd3b80ff95ed
b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1
b7201917115970516a7e57ffba7ab11365db21791d25b94f1162dfd734c03f82
b798e798867301d04ad55df8c4b32c3a26379eebc2ce8ec3f4d1b896a4d259e7
b843360245d1ceed64607f277e3226acedebbc2f0343dc05da00fb44dd428e73
b84fb64a90365d5449a01571c3b337fb103f6d5c7e853d31d1b5fc01c84ad60e
c1a0cfa63f20a139a391e848b083a09d1c2d1238f8a86df646252b7f53b122e8
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
d5c4307e64f66307e22903a34225f10fe515a5485a40b9c0913ce0d19708c522
d5fb9810b0e76fe584a486be977afc9074b1995e52c792f92bacdbd19cbba1f5
d8a9fe9b6fcab17a668d6c07d6addc7c44b8083ad9e7044da40a02c638f38cdc
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96db4d8f3222ed4bd101dfd04e7e2e50bbd9c5f4223edd3c33e7916d652d76b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
f2257ecae3d22c703a36089996962128138034931396b59d6ce0e302c485cd62
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ffa26c1e29a1439ff072c1fe246f6cb68cbdf255da969f705c7d7b91ad75d785

www.synack.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

91 Requests

96 %HTTPS

81 %IPv6

25 Domains

38 Subdomains

32 IPs

3 Countries

1876 kBTransfer

5738 kBSize

32 Cookies

12 Outgoing links

Redirected requests

91 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.synack.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

91
Requests

96 %
HTTPS

81 %
IPv6

25
Domains

38
Subdomains

32
IPs

3
Countries

1876 kB
Transfer

5738 kB
Size

32
Cookies

91 HTTP transactions
0 data transactions