www.picussecurity.com Open in urlscan Pro
2606:2c40::c73c:67e3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Submission: On April 30 via api (April 30th 2023, 1:32:42 am UTC) from CA — Scanned from CA

Summary HTTP 102 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 34 IPs in 2 countries across 27 domains to perform 102 HTTP transactions. The main IP is 2606:2c40::c73c:67e3, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.picussecurity.com.
TLS certificate: Issued by GTS CA 1P5 on April 8th 2023. Valid for: 3 months.

This is the only time www.picussecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	2606:2c40::c7... 2606:2c40::c73c:67e3	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:817::200a	15169 (GOOGLE) (GOOGLE)
1 5	2606:4700:303... 2606:4700:3035::ac43:9e06	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.97.253.3 3.97.253.3	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:4e:1... 2620:1ec:4e:1::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	34.117.30.33 34.117.30.33	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.192.121.18 54.192.121.18	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:80d::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f0f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:80d::2003	15169 (GOOGLE) (GOOGLE)
1	172.67.75.100 172.67.75.100	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2600:141b:900... 2600:141b:9000::b857:ad5b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2600:9000:251... 2600:9000:2512:6a00:c:77c4:d500:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f011:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:220... 2606:2800:220:131d:1d30:1f1d:238b:1e56	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:8ace	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:6cc7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6812:18c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:7f6e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:221... 2600:9000:2211:5a00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:d5f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d6f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2606:4700:303... 2606:4700:3033::6815:4128	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1f14:50b... 2600:1f14:50b:9a02:819f:ed7c:3c76:3d0d	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:21d... 2600:9000:21d5:da00:b:8c20:bf40:21	16509 (AMAZON-02) (AMAZON-02)
102	34

46 2606:2c40::c73c:67e3 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.picussecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:817::200a (New York, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3035::ac43:9e06 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.97.253.3 (Montreal, Canada)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-97-253-3.ca-central-1.compute.amazonaws.com

p.visitorqueue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:4e:1::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.30.33 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 33.30.117.34.bc.googleusercontent.com

pageimprove.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.121.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-121-18.ord51.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80d::2008 (New York, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f0f (United States)

ASN13335 (CLOUDFLARENET, US)

7048931.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::2003 (New York, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.75.100 (United States)

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:9000::b857:ad5b (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2512:6a00:c:77c4:d500:93a1 (United States)

ASN16509 (AMAZON-02, US)

t.visitorqueue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f011:8:face:b00c:0:1 (Lithia Springs, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:220:131d:1d30:1f1d:238b:1e56 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:6cc7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7f6e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2211:5a00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::200e (New York, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::2003 (New York, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:d5f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d6f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:4128 (United States)

ASN13335 (CLOUDFLARENET, US)

display.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f14:50b:9a02:819f:ed7c:3c76:3d0d (Boardman, United States)

ASN16509 (AMAZON-02, US)

tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21d5:da00:b:8c20:bf40:21 (United States)

ASN16509 (AMAZON-02, US)

d3lopmpcew67el.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	picussecurity.com www.picussecurity.com	8 MB
6	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 8845 track.hubspot.com — Cisco Umbrella Rank: 4128	3 KB
6	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 6317 px.ads.linkedin.com — Cisco Umbrella Rank: 733 www.linkedin.com — Cisco Umbrella Rank: 779 px4.ads.linkedin.com — Cisco Umbrella Rank: 6554	164 KB
6	popt.in 1 redirects cdn.popt.in — Cisco Umbrella Rank: 37490 display.popt.in — Cisco Umbrella Rank: 36977 fonts.popt.in — Cisco Umbrella Rank: 99702	65 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 3809	18 KB
4	cloudfront.net d10lpsik1i8c69.cloudfront.net d3lopmpcew67el.cloudfront.net	53 KB
4	visitorqueue.com p.visitorqueue.com — Cisco Umbrella Rank: 307341 t.visitorqueue.com — Cisco Umbrella Rank: 154143	5 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 6729 forms-na1.hsforms.com — Cisco Umbrella Rank: 12260	3 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1159 syndication.twitter.com — Cisco Umbrella Rank: 1451	132 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 344	38 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 7456 forms.hscollectedforms.net — Cisco Umbrella Rank: 7895	26 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 189	89 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	165 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	2 KB
1	on.aws tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws — Cisco Umbrella Rank: 96950	1 KB
1	google.ca www.google.ca — Cisco Umbrella Rank: 8003	408 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 166	258 B
1	google.com analytics.google.com — Cisco Umbrella Rank: 406	258 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1604	370 B
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 6922	87 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 3866	21 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1365	5 KB
1	mouseflow.com cdn.mouseflow.com — Cisco Umbrella Rank: 8088	18 KB
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 10931	748 B
1	gstatic.com fonts.gstatic.com	38 KB
1	hubspotusercontent-na1.net 7048931.fs1.hubspotusercontent-na1.net	1 KB
1	pageimprove.io pageimprove.io — Cisco Umbrella Rank: 88635	5 KB
102	27

	Domain	Requested by
46	www.picussecurity.com	www.picussecurity.com
5	track.hubspot.com
4	js.hs-banner.com	www.picussecurity.com js.hs-banner.com
4	cdn.popt.in	www.picussecurity.com cdnjs.cloudflare.com
3	d3lopmpcew67el.cloudfront.net	cdnjs.cloudflare.com
3	px.ads.linkedin.com	3 redirects
3	t.visitorqueue.com	www.picussecurity.com t.visitorqueue.com
3	cdnjs.cloudflare.com	www.picussecurity.com cdnjs.cloudflare.com
2	forms.hsforms.com	www.picussecurity.com
2	platform.twitter.com	www.picussecurity.com platform.twitter.com
2	connect.facebook.net	www.picussecurity.com connect.facebook.net
2	www.googletagmanager.com	www.picussecurity.com www.googletagmanager.com
2	fonts.googleapis.com	www.picussecurity.com
1	tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws
1	fonts.popt.in	1 redirects
1	display.popt.in	cdnjs.cloudflare.com
1	syndication.twitter.com	platform.twitter.com
1	forms-na1.hsforms.com	www.picussecurity.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	www.google.ca	www.picussecurity.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.picussecurity.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	app.hubspot.com	www.picussecurity.com
1	js.hsleadflows.net	www.picussecurity.com
1	js.hscollectedforms.net	www.picussecurity.com
1	js.hs-analytics.net	www.picussecurity.com
1	snap.licdn.com	www.googletagmanager.com
1	cdn.mouseflow.com	www.googletagmanager.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	fonts.gstatic.com	fonts.googleapis.com
1	7048931.fs1.hubspotusercontent-na1.net	www.picussecurity.com
1	d10lpsik1i8c69.cloudfront.net	www.picussecurity.com
1	pageimprove.io	www.picussecurity.com pageimprove.io
1	platform.linkedin.com	www.picussecurity.com
1	p.visitorqueue.com	www.picussecurity.com
102	38

This site contains links to these domains. Also see Links.

Domain
app.picussecurity.com
hubs.li
partners.picussecurity.com
attack.mitre.org
www.fireeye.com
github.com
msrc-blog.microsoft.com
twitter.com
www.linkedin.com
www.facebook.com
support.picussecurity.com
medium.com

Subject Issuer	Validity	Valid
www.picussecurity.com GTS CA 1P5	`2023-04-08` - `2023-07-07`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
p.visitorqueue.com Amazon RSA 2048 M01	`2023-02-22` - `2023-10-31`	8 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-02-27` - `2023-08-27`	6 months	crt.sh
pageimprove.io GTS CA 1D4	`2023-03-16` - `2023-06-14`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.mouseflow.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-24` - `2023-09-24`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.visitorqueue.com Amazon RSA 2048 M02	`2023-03-17` - `2024-04-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-06` - `2023-05-07`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-31` - `2024-01-30`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Frame ID: F53580CAA6AA3AC6141F7E3EF141FB3C
Requests: 100 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.picussecurity.com
Frame ID: C680D3DCDFAACA3E0CE4552DCDD2211E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds BreachFollow us on LinkedInFollow us on TwitterFollow us on Facebook

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

102
Requests

97 %
HTTPS

79 %
IPv6

27
Domains

38
Subdomains

34
IPs

2
Countries

9152 kB
Transfer

11962 kB
Size

28
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://app.picussecurity.com/signin
Title: Login

Search URL Search Domain Scan URL

URL: https://hubs.li/Q01d0sx00
Title: How to be a Threat-Centric?

Search URL Search Domain Scan URL

URL: https://hubs.li/Q01hLVjg0
Title: Your Ultimate Guide: The

Search URL Search Domain Scan URL

URL: https://partners.picussecurity.com/prm/English/s/applicant
Title: Become a Picus Partner

Search URL Search Domain Scan URL

URL: https://partners.picussecurity.com/English/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://hubs.li/H0N77MF0
Title: Purple Academy

Search URL Search Domain Scan URL

URL: https://hubs.li/Q01Cz4JP0

Search URL Search Domain Scan URL

URL: https://hubs.li/Q01cN8Jq0
Title: START YOUR FREE TRIAL

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/enterprise/
Title: ATT&CK for Enterprise version 8.1

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Title: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1587/001/
Title: https://attack.mitre.org/techniques/T1587/001/

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1583/003/
Title: https://attack.mitre.org/techniques/T1583/003/

Search URL Search Domain Scan URL

URL: https://github.com/fireeye/sunburst_countermeasures
Title: https://github.com/fireeye/sunburst_countermeasures

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1195/002/
Title: https://attack.mitre.org/techniques/T1195/002/

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1569/002/
Title: https://attack.mitre.org/techniques/T1569/002/.

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks.
Title: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks.

Search URL Search Domain Scan URL

URL: https://twitter.com/vinodsparrow/status/1338431183588188160?s=20.
Title: https://twitter.com/vinodsparrow/status/1338431183588188160?s=20.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1543/003/
Title: https://attack.mitre.org/techniques/T1543/003/

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1078/
Title: https://attack.mitre.org/techniques/T1078/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1553/002/
Title: https://attack.mitre.org/techniques/T1553/002/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1497/003/
Title: https://attack.mitre.org/techniques/T1497/003/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/003/
Title: https://attack.mitre.org/techniques/T1027/003/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1070/004/
Title: https://attack.mitre.org/techniques/T1070/004/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057/
Title: https://attack.mitre.org/techniques/T1057/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1012/
Title: https://attack.mitre.org/techniques/T1012/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071/001/
Title: https://attack.mitre.org/techniques/T1071/001/.

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1568/002/
Title: https://attack.mitre.org/techniques/T1568/002/

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1041/
Title: https://attack.mitre.org/techniques/T1041/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach&text=Tactics,%20Techniques,%20and%20Procedures%20(TTPs)%20Used%20in%20the%20SolarWinds%20Breach

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Search URL Search Domain Scan URL

URL: https://support.picussecurity.com/
Title: Customer Support Portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/picus-security
Title: Follow us on LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/PicusSecurity
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: https://medium.com/@picus
Title: Follow us on Facebook

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2042428%26time%3D1682818356520%26url%3Dhttps%253A%252F%252Fwww.picussecurity.com%252Fresource%252Fblog%252Fttps-used-in-the-solarwinds-breach%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true&liSync=true&e_ipv6=AQICuuV0_mhPQgAAAYfPylfhlY8DzPgTlmBaIb7WD5xA4iKJSLc-HFsTD8Fg0ywdg9Iv23fb

Request Chain 91

https://fonts.popt.in/?family=Poppins&display=swap HTTP 302
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap

102 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ttps-used-in-the-solarwinds-breach Show response
www.picussecurity.com/resource/blog/ 90 KB
21 KB 575ms
406ms Document
text/html 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a9aa2164078369581e00b4f103ae6b72e2af06d4ccdd21d4860cc0e567f2d9a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7bfc0820eb277150-YUL
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 30 Apr 2023 01:32:35 GMT
edge-cache-tag: CT-35690729167,CT-37343780183,CT-38790370719,CT-42818986501,CG-35190412163,CG-7048931,P-7048931,W-32488136213,W-32488280065,W-34050730072,W-64658820451,W-73083427611,W-73190335558,CW-106636205147,CW-113292746136,CW-39027676914,CW-39038130957,CW-41162016556,E-32300259976,E-32300424271,E-32300424286,E-32300424289,E-32379253675,E-32379319518,E-39027126556,E-39027330934,E-81509078165,MENU-32488136213,MENU-32488280065,MENU-34050730072,MENU-64658820451,MENU-73083427611,MENU-73190335558,PGS-ALL,SW-3,B-35190412163,GC-113292746618,GC-34050452150,GC-39027690571,GC-39027888131,TS-32295139665
etag: W/"f4a9296845ebb99c96f4ef14d6a3ff41"
last-modified: Fri, 28 Apr 2023 14:55:55 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LwuYTgLufN8nsPanQu8AxfAh%2B5S8pHV9bbIcinzXL4%2BKryDXYEF16S3QF2aoK%2FqET2iGMr8OSmgPcGEkXuC7F5DxEjU6qSwdkgNMHV%2BvuYzQKmjjfnpT9u7Ms6wuBPlXDbU6ZVxjRQGg75D%2FGtITVlT6qw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-0s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 38790370719
x-hs-hub-id: 7048931
x-hs-prerendered: two-phase;Fri, 28 Apr 2023 14:55:54 GMT

GET
H2 200 index.js Show response
www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 71ms
65ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:35 GMT
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
age: 727644
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoJWnlYwY7rzYqpACUroHr%2BApPdnYdQW3U0OakJAnAhcBNvmqmyRIBVYNwOFGtiOrw3R6N7m7Jyk46%2BVEKZNfpxi8OKBGB2ncDQDgjLAvV1XUygxcw1P6FUI0MprwXSh2xE7LjTK9JsxRz2jO0MUSSQs0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfc08238fc67150-YUL
x-amz-cf-id: 972np9mPZhKHOIFN0mLjeFkkJgzV7HTtreMjrDCXJ0wHnwAHkHS9hQ==
expires: Mon, 29 Apr 2024 01:32:35 GMT

GET
H2 200 project.js Show response
www.picussecurity.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
938 B 71ms
66ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:35 GMT
via: 1.1 5a1807a94b5298089c25d4896aabae66.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
age: 7354828
x-amz-cf-pop: YTO50-C3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJtztIoM5aWEYoCrUBHb6pgq8oZoDJ7B07E%2FqzJCamXEr8itVzVttQkAo4l5m7UL3DskishYehqxGzUe5uKvk3LlXiYkKzKhoE1xCS2d9TYmKRuMrDxWQlZfPnJB2AQpVg98%2BztPNgzmtLMdrc7mWR6zQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfc08238fc47150-YUL
x-amz-cf-id: Vk76A2GlCd1FW_EMcCXPh96j8insCeW3sv73PiQhJoQKXyTmdDzZhQ==
expires: Mon, 29 Apr 2024 01:32:35 GMT

GET
H2 200 project.js Show response
www.picussecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 78ms
73ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:35 GMT
via: 1.1 71a526986d4783c392830d78e04e3446.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
age: 1479405
x-amz-cf-pop: ORD53-C3
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LW9qnSKQiBZ59lusKpjz2ndMc%2BZOlBqTjM8YOUfROzyYWpTchJeXOWoQGd2RtS49sivGIPDsqqBihxao4NyyiuO2fJjSNiTubpZCtjtvOrIr%2FrWoGpMAv4FLfIyLnVHc%2FjNhg%2FitQToBq%2FWtjN2xx1KCzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7bfc08238fc87150-YUL
x-amz-cf-id: _8ha5aAHbt-YvdM3qJbvSyRIQswbFKJ0AK7N0zC1T1E4GDSC9OrfaQ==
expires: Mon, 29 Apr 2024 01:32:35 GMT

GET
H2 200 main.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/ 69 KB
16 KB 281ms
277ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 157f1152a47eabe7043bc89407000ea8c002e5012170a0ffb8c04e8711178a35

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: HKJM7HZHKZTMF0BD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"65f136f635fbb1188546c35cb890f3de"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682691954399
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .UQVzjksQmrn3TcEM7iOr3En.TRAUAgI
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 147
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /xiwiLuBt7mH0JsoUiSzOTfClhg7/mlEnrbOeIrlITMMGYJek1tMWTpomGnd8M8lhjWK0A3sRIWDdt1HBXSEWQ==
x-request-id: d2e10ac5-409c-44a6-a28d-28f065f057d9
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 14:25:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OGKK6vaS2%2FxVQCa1jvbZGQFSAm%2BgrqhhTZbASsX2NyLboJQRCNQfHuIg1sjfVFNJFmmAwpmU%2FPznLFUrH5DsWGeHSyxFBT1rtC6%2F77htllXP6yHlFIOSIloQroPDF3Wb50fMeNSYZjv9Ha3Th7beiS8p7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7bfc08238fb17150-YUL
x-amz-cf-id: DTXOn2gjkD8hIBVFsTUgmazmOO7PMym4r_y3x1uR0sntBec3zTm-qA==

GET
H2 200 theme-overrides.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1682693729842/Shield/css/ 28 KB
8 KB 223ms
219ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1682693729842/Shield/css/theme-overrides.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 038dbf0a8e67140f0795914f07367044b1cc5cc79de0bdc98e9ba71f62314a33

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: HKJVXQTYEPZN0Q7H
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"661eb7b70effddf1633b50afee656986"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682693729842
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:35 GMT
via: 1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: eRB9SOSoYsjso15D5HJn_RAmAcrAi.NU
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 131
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 9LxPbznUY0C+OlvkjYD8AlvrHMjhucTkjmPynLR/oyzxOCFpSLiN05nqzf4q2iLF9m2BGn3Ga1k=
x-request-id: 72b5f1fb-8cfe-41e6-82d1-27c26ecee41c
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 14:55:30 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPHe4arSu%2Fz9c6docUhc07ID9Fa5B7kY2xBFQmKFMcpJp7zmTQd%2F4pib2rYle9yKz2sg8J0HIeoQ%2FHa6HwwanXacEWBCBc%2B5jC8Xk%2BhJ%2F%2F%2BpWgwGjOWDLCd8NdUTZ%2B%2B%2FJ6iK5zDFYmC6xq7OFN8rU7pLQw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials: false
cf-ray: 7bfc08238fb57150-YUL
x-amz-cf-id: QAtmyiZTkN_OdawivIgl8bJmilXPEQUjyivhArIC8SJIjPL3DXyH8w==

GET
H2 200 shield-animate.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379319518/1682685745883/Shield/css/ 15 KB
3 KB 260ms
257ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379319518/1682685745883/Shield/css/shield-animate.min.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad35b390ce3898cfef7bb94973d42ab290ec56f7315e0b459f4ba017eac96f07

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: HKJGS45K77SGDDBP
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"dc33969eb4c5a40ef5e6be0462874811"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682685747003
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: O4dE7lsH.Q5zJBakndHS_xCk2kcdIjSC
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 156
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: s2xRgzfuCNogqHR7OsJmsxXu5P1066hyH6PB9f7jRKRK2YBQWQyrRgHmc4bbu1BXWqgQ8mvetvM=
x-request-id: ef7ff1b6-b0a8-4298-a9f6-838933807aa9
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 12:42:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d24hF%2Bcl%2BF2NCCfu6s1KVpecenRkk9fZkQWKME0cbueEQzBEbnUWPgKDTjvP9%2B6XkkJd%2FDVJcIIfQ5VNXfegmyzL4at%2BlkGkDNDA%2F8TbNkRBuI5LyTNnkqHEmbCilYXDbspLk49qOzyeeyTx1iVmjkg0%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7bfc08238fb97150-YUL
x-amz-cf-id: eHvUqnQdq_a13yUweH2RFi1Xvhc_kH9GLSJ8w4sEjbPkKtv5Nm3Bng==

GET
H2 200 module_113292746136_Announcement_Bar.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/113292746136/1682693327583/ 1 KB
1 KB 362ms
358ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/113292746136/1682693327583/module_113292746136_Announcement_Bar.min.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 804f8a758fd30f2684d13ab752eee92d828ca1d9f0ece5afda1972e403f1bd00

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: HKJVQTSG2CC274C6
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"f612beec80a9aaa4f774bb831ab7552f"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682693327583
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 b4346add631a498bf6cdbf88cbc5ff12.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GIMW8tSbOx76CmPwj1PdPFw.kzCmlpKO
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 180
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: fK0JVcMJBvXCMptgqC1CdYGGkgDxuPpJRP5AoOt3UvEzAYYrMmyuvCbnXJInMCxrl52Dd56Uzl8=
x-request-id: 362a7b21-9b9d-4467-bf1f-faaa6f47399f
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 14:48:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IypDM6bTVxIIdLtDE9aJZNNLcn3oAzzhjvwojYGlrWBBZq8RyBN0PnW7j0%2Bw5RqyQp7ngfIXQI60jZ%2FUM8v5%2BV9ci5ZCNIUjjgzfk9A3XNveiud0p9tkS9bERL8ZBGEu3n8jrT7x1dKNXMplOAXbNNOdgw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7bfc08238fba7150-YUL
x-amz-cf-id: 843arVd2q04qNzkI7TxtsssfEkOKxVuDyrbbsspa71v43sfGf1TgQQ==

GET
H2 200 module_39027676914_Mega_Menu.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/1682692023535/ 13 KB
4 KB 272ms
268ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/1682692023535/module_39027676914_Mega_Menu.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fc71dcb60a67ba1393e8cc2f25b2327aa6fe0ae502aa99b84f3df2ddcab5577

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: HKJWFM7SVBV7WJKB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"847f5983a6974ce37880031cf4890c33"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682692023535
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 05E0bbmTiHS7YN4GCl3ece_Ck2Db7R0A
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5lisjxuERhD85wWJVxzTbOfTdAAlWIFLM3LH8pJPiqs4X6dixO5th+Z6/fQHN7v5q82mYr1f6ww=
x-request-id: da0b2447-79bf-47dc-9ecb-933f5eb74ad5
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 14:27:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fAWxngXBAa6p4r2%2BxNJsm%2F4lFB8iVZEpDjgb9YWCCbeBYrNDquszxgl53B0StgWNuTBBAE1ew1oBi04GP%2BxeP1U9DXUOeOvmtWmqIds865LtTvWMm79bRA%2Bw5I%2BgO8OzQ1zBDv0N7m7TaE07tiIUPBcSsg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7bfc08238fbf7150-YUL
x-amz-cf-id: 7HTZG9mG1R-RBWPieoCN70zX7HvRQnEMFI-2IT8utSTQh3eaT_XCYA==

GET
H2 200 module_39038130957_Lead-Magnet-Banner.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39038130957/1608575808109/ 521 B
1 KB 386ms
383ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39038130957/1608575808109/module_39038130957_Lead-Magnet-Banner.min.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5458bb001fbaee0822a06901d6989a7568457bc97c78ce726d8884c34f665910

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: BG7N0WMYZ4V7989V
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"b598cb9f535e9d39bea6fb4c7afc98a2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1608575808109
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _6kG0Z6N7nb2Amvf0P3QvVEgQec_PKrh
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 123
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KM4m9bFfDjz0AHYiKAV8cSBEudXjeoIfslSYZDVeX8TQLK7J2zsEg0c4KUrdBX4F3Pcjt5F1Q2s=
x-request-id: a1cec12d-bedf-41e0-ba49-b92f3be1fbac
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 21 Dec 2020 18:36:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=POqxEIUBRZOd1aMkzV0i4I3B8yWYlrGbrRja50VKEK8BaFPiZEQddTPW5Zw6AIAfyOrDArgHFqp3Lonpar1O7Bv%2F6K1LZVwn6yFLxr2UFOb%2BGJ3M44kgTPUqBfskMuXg8edzCme6wtb9lHfmAGljrAaoyg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-r4k2f
access-control-allow-credentials: false
cf-ray: 7bfc08238fc17150-YUL
x-amz-cf-id: gIY9UeptxSohbriOgcm-6Hl1lUP4KQRNs5ysIgkEMxLlxo8TvvJrMA==

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 47ms
20ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1490682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elK5FEsH2yJ7zbz2FxLsO056nGFAw8DqkMqEEfeRcUE5RzN2hdX%2BVBkih%2Fo3MXjW%2F9x40KQRlBZs0FBW4za8ylEGpiWEKPC69MBYYYwdE6I1m3braWVDMCLwSDdbwP0vJEMx92q7tpJPR7Rw9oQQAs8t"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bfc0823acb17154-YUL
expires: Fri, 19 Apr 2024 01:32:35 GMT

GET
H2 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/ 11 KB
4 KB 49ms
22ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6239732
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3718
last-modified: Wed, 18 Nov 2020 00:51:42 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5fb4701e-2c03"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebEX9fR902RiuHB6pl6HsAHi0aNWkoIOjvKzgOZIQg9OC3mjMHZUehbrgRElGlRhHxKr03Z%2FbABTeMDI6h6G59xZ6souDc60RK6GKksSmO%2BoNmzS2Hn1zbtAVa0gfFPdx57Z0VZIypeJJCf7XBlIX8C0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bfc0823acb57154-YUL
expires: Fri, 19 Apr 2024 01:32:35 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 83ms
35ms Stylesheet
text/css 2607:f8b0:4006:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,400i,500,700&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

86b7392f3afd63ab1e1b097b157bbaeb34953ecaa69d721ce7e46ddbda429cf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 30 Apr 2023 01:32:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 30 Apr 2023 01:32:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 30 Apr 2023 01:32:35 GMT

GET
H2 200 pixel.js Show response
cdn.popt.in/ 221 KB
49 KB 101ms
36ms Script
text/javascript 2606:4700:3035::ac43:9e06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/pixel.js?id=64d678615e3d0
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9e06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52f8e951ff8d0ef447f9f7da1d5bcbba721d2a8498cfcc02e15a15114d5080f7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
x-amz-version-id: 95m_OVDF6l8bYLbRaeEvgEBvXWzQtD93
via: 1.1 100ce1d37f67e6c59753cd4c9c473afc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK50-P7
age: 3768
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 27 Apr 2023 10:29:00 GMT
server: cloudflare
etag: W/"372e4c5e29719a414f3c039ac5708ebd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gQboJ3nACyA6ICiwxU0xw6MzNG31jlcScltLDFKcFPJMEjpeVNN9vyv%2B%2Bu8S0I4CuIzVZPA63RvHAInHTzznHaXbzD1zLB4Dw19g1XHALkQux0lrhXK%2FWomMiBlreIHmU3syANKRI4r6rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=1800
cf-ray: 7bfc08268ae21899-EWR
x-amz-cf-id: iVDhyYnHHCvyGrG21-loDV06DNzGV7E8Pr4oPP090auR55-b5C3Kpw==

GET
H2 200 67ab0ee7-fcba-400b-8cb3-db7bb1cc0033.css
p.visitorqueue.com/styles/ 0
117 B 117ms
16ms Stylesheet
text/css 3.97.253.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.visitorqueue.com/styles/67ab0ee7-fcba-400b-8cb3-db7bb1cc0033.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.97.253.3 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-97-253-3.ca-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 30 Apr 2023 01:32:35 GMT
access-control-request-method: *
access-control-allow-headers: *
content-length: 0
content-type: text/css

GET
H2 200 in.js Show response
platform.linkedin.com/ 509 KB
160 KB 147ms
18ms Script
text/javascript 2620:1ec:4e:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4e:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c6609f80e029478943fe4efb505b13d149e792d09bf99619837497996f472517

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-azure-ref-originshield: 0NcFNZAAAAAA+XJD9ftvJRa1wMIFhWnAATU5aMjIxMDYwNjExMDQ3ADIyMjZhM2ViLTAxZTAtNDdiZi1hY2EyLTJiMDU4ZGZlYWQ3NQ==
x-cdn: AZUR
x-cache: TCP_HIT
x-cdn-proto: HTTP2
content-length: 163382
x-li-uuid: AAX6gued3lf0RC/SRWu+Gg==
x-li-pop: prod-lva1-x
vary: Accept-Encoding
x-azure-ref: 0M8VNZAAAAAB/Ld3OPJb9TJYqCqzN6yzIWU1RMDFFREdFMDkxMgAyMjI2YTNlYi0wMWUwLTQ3YmYtYWNhMi0yYjA1OGRmZWFkNzU=
x-li-fabric: prod-lva1
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
x-li-proto: http/1.1
expires: Sun, 30 Apr 2023 01:37:02 GMT

GET
H3 200 logo-original.svg
www.picussecurity.com/hubfs/ 2 KB
2 KB 227ms
224ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/logo-original.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee596884317564904ae040715f9d2961b96b088c0034ff3f4904a6ddfea7221f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-54707499331,P-7048931,FLS-ALL
x-amz-request-id: K1DGJT8CJZ5B66XX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-54707499331,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"ffa324dc95c671fc8929e2bbc8f9a038"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1631012484087
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: BgSjLq3V3YN8qkwdl5C9D8U1riGsc.5a
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-54707499331,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KkepOkrRshYA5BoVLyQ7nMhgl4slfcyfZGMrHB+NSE0IlvGP7Bz3upkMKVxDi/VNcEjKRa0oaXw=
last-modified: Tue, 07 Sep 2021 11:01:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8lgBUWBUe8qDDSF2cw2qeCbsud7bD2NNoUNe0oZeNT9yyTmCZz2KZjG1Q8lbQTNqsdsrWMuYcJu8Ljj6nEQeK6kwgSAEc7pO1kUqSjiwpxWSCGGQk9l02eJuXThSSU8hO4aeidQuPkkWgpp8eDMhG%2Ftmag%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08261c264bca-YUL
x-amz-cf-id: OpZPEPQMOW2NSuDGnosvh7yAI0Z7C_8JzWQWKT0gm1st5vvwyCzhDQ==

GET
H3 200 Picus-Logo-white.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/ 3 KB
3 KB 198ms
195ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/Picus-Logo-white.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41b56746f2d05def7f07306b7bc82f78e760d941f0cfecd0be1fee183f478a91

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-109641261603,FD-109649776950,P-7048931,FLS-ALL
x-amz-request-id: RVKBQSWGBM99JYW6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-109641261603,FD-109649776950,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"888e83588183bf7b14a529d7daae6c27"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680703973568
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 6RwEt3bs8aBkvM5U9tilqcPSdQM428Zt
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-109641261603,FD-109649776950,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KJ40oX1/2XjisboUgu34C8ly0hHNEVi0b33un4K3GkOS3/WbLcj69Sdxo29v6ccJpuBj58OCpqQ=
last-modified: Wed, 05 Apr 2023 14:12:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y9e%2FqzxGtNQsGh7dvlo6vNFdVP16msJUJQvRfJh%2Fr6oYF6DGDxftZ%2FW2gwfCaVBEN2D%2FsrO2fimqd3fwj55cjAEKGuwFzJpp6gD%2B3OB%2B88JJ%2Bca52Qde0cJ%2FeQmfFDYdCANx1LFXvH6sBouDls9mh%2F6%2B5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08261c284bca-YUL
x-amz-cf-id: fokr5_X81m_VsuQs8y0tMJsH6tmQLMj6Xk0QkKZp7npx-gXKRlgEjg==

GET
H3 200 dt-menu-arrow-back.svg
www.picussecurity.com/hubfs/Shield/Images/ 296 B
1 KB 251ms
248ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Images/dt-menu-arrow-back.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d214792b986a7986cf226ad5f346fa58b7857bcfee980f8c3bc897cf17df564

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-39038396307,FD-32586780943,P-7048931,FLS-ALL
x-amz-request-id: RAM97XEWXEC4QP12
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39038396307,FD-32586780943,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"8132c994dd553ae56f7b61821b5a1880"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1608573443493
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: bS6RQKhadAIkt_eobirV6GoH5Y3lWA.b
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-39038396307,FD-32586780943,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: uqbIKbj5R002tWzMipDH4xiM3s7B0YAx6NWT9e2DkDeizZaJa7w8fWiWHOBRlBaANtz78DDpd9jYOQ9gSjfWyA==
last-modified: Mon, 21 Dec 2020 17:57:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npBoFA1UcxS0cwG2jFzJ%2FASU3us2yDWOVu8vOZXJxRZBFqIVzyMfGAxeRfJ%2BhubWPGtiu9GOlFkoPYJKdjTdhmgsk6omAGLjkgm%2BUGfvX7qEutuSbbgBSJKNIg5ou34Sycnci7G7In5lcQlQZrzjWP%2BMbA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08261c2c4bca-YUL
x-amz-cf-id: sDHBnD4fcNsOxIrV6VVKuxQMr7_VW6tLLTai2LMRHaWTmYhAN3Iv7A==

GET
H3 200 slider-arrow-next.svg
www.picussecurity.com/hubfs/Shield/Icons/other/ 312 B
1 KB 318ms
315ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Icons/other/slider-arrow-next.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdce0b54370929aacc3fead98822cd9193639271d9a7dcc7c0c478f1586409ea

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-32498117729,FD-32439749862,P-7048931,FLS-ALL
x-amz-request-id: HRDT6T2G3XDQYYVG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-32498117729,FD-32439749862,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"4e9ad5b9cbf4dae43f95e76a913be069"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1594995438317
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: wcG5Xq1sOYNBFF9SuxmduAYWAF34VkL_
x-amz-cf-pop: IAD89-C1
x-cache: RefreshHit from cloudfront
cache-tag: F-32498117729,FD-32439749862,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5FeiE8vQUN61zWBZ37XxHnFcuM81L+VZcJtwwoujZEVt3mvazeZTtIwVWV3UEAM0ZicWO5ybVYo=
last-modified: Wed, 19 Aug 2020 12:01:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OZYPglNsh%2FVccV9FAPULTnDozY%2BgUQMNL%2Bo1xASQcw69Kxt1kcPwu2bKL2eW9vkJPMZzSpT7LYe0cPu8OroGW%2BPmW4QkyOCCiicta9wG7hvZ3r71Ot2MrcZhp0gOLzd9T9KpANZRP9nRClT3RfmiXpR7FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08261c314bca-YUL
x-amz-cf-id: 6fcudMrwCpYXSKTAsF2zMF176NRj2DPsZu4glIYagE6lpOkC2Hs8dQ==

GET
H3 200 latest-read-more.png
www.picussecurity.com/hubfs/Shield/Icons/other/ 1008 B
2 KB 292ms
289ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Icons/other/latest-read-more.png
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 223af9efcf2ebb78d010ac1d3a3b104fadd39c7e4ac1006a870188c83e669dbb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-35167957239,FD-33856159417,P-7048931,FLS-ALL
x-amz-request-id: WRGVF948SMT49CQY
x-amz-server-side-encryption: AES256
edge-cache-tag: F-35167957239,FD-33856159417,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "8b99c79fa5d57e315a96fb53f700ed7c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1600674553337
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: G_6fgNJnx8wU8ekxOFLoFWHteElCksu6
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-35167957239,FD-33856159417,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1008
x-amz-id-2: i7G58/HpPyakpBnitZJRDPBBcypYqRrYC4Z2WSQz6dWF8VVZcdrGxBwg1LD0bL7x4jR4jttGYto=
last-modified: Mon, 21 Sep 2020 07:49:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ui0uV67qsTxlVLoERdJChEu39NifsbyT4PkXWcbOR53JVd2pX3BHHWkHGznBGiEFFAaxuHQVaBygErzDAHYcoj9xrKAUHohrpUGbaexYYqvGwt2sFBQ1dzkLak%2BUqOFkrAvlbGt%2FkqWYdGvu1lLkDm2Q%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08261c344bca-YUL
x-amz-cf-id: 4EF6DFHVNxmnm2fPWLqQlvCAsSuGViEkg-gDNIWP9D3HhnemE7GLZw==

GET
H3 200 mega-nav-burger.svg
www.picussecurity.com/hubfs/Shield/Images/ 673 B
1 KB 259ms
257ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Images/mega-nav-burger.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1018aad3ed798d98490fb01484d0aaf7ba3528f74288091644ae53523c3aa82f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-39038395941,FD-32586780943,P-7048931,FLS-ALL
x-amz-request-id: 60ZY1ZRYZN403JX1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39038395941,FD-32586780943,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"c2bcd687517100165c2d2b3098b97b73"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1608573140741
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .T459IPq_rl_ho8gXG.ZZePe1N2.Y_rE
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-39038395941,FD-32586780943,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Ix3Co2lDWVbSi0a0tWvfP0RN4+51J9ZDa8EDzLbr9kWzSx78VyRDZhleTV81CHqNFPI1TP9WHA0=
last-modified: Mon, 21 Dec 2020 17:52:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vU4EiIWirnwIhlp66phELpF453%2BVG93kJ1%2FiHikylkUMDQKHz4QCYf89K3c4q58xPKlGBEnFdmsIdC1QV8g12beMaSSUlrJ8FD%2FsxpKso24bIIZy5L3%2BiGVpRyGW684irn7vZ8FamD1aFL3GMGUklX5oPg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08261c394bca-YUL
x-amz-cf-id: mB1_2jPtVLaCa067pUwcDW18pppCl0cgth4FJsG7uEjuz9VUHU3QXg==

GET
H3 200 mega-nav-close.svg
www.picussecurity.com/hubfs/Shield/Images/ 608 B
2 KB 249ms
246ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Images/mega-nav-close.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 182c0c4a049b82ebaa738d7c22e68bceb8aad2f6d78b94c300b80613c92bff0a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-39038468543,FD-32586780943,P-7048931,FLS-ALL
x-amz-request-id: W6EMR6MWF36GP4F4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39038468543,FD-32586780943,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"cec65b8f70f2c97f2118f8560d6b82a4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1608573183370
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: IE0DyU0kAI_Z9ApqF3Hz_dDPnQZu2OaI
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-39038468543,FD-32586780943,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: uHIRjX14xNPcYVR3HnfnXBxWPy5gCHL6/l2mc+rNpklsZQWROSKUjeqPvCMpjYOa5VIjOEC1GC4=
last-modified: Mon, 21 Dec 2020 17:53:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4%2F24IU51%2FlLLtmirpR2EpmNVfASnDtWkcUugh5Ym1p%2F7yV%2BFuvHhk6B72OStOOplb7%2FOJhg8V4HHeK0qfaMQlkf%2BLMF7zZ1QSrJu%2BfMX7CAZEMrzX2aSBSdBqoH5eAiGdNq7uBjidm0eF3t4ZLxrlCUGA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08261c3b4bca-YUL
x-amz-cf-id: qGGUOVt4Qf3Dfi04-aT_-TywyT03Cuhh9aOh5ZrX0x-CCpo3hGZahw==

GET
H3 200 twitter_black.svg
www.picussecurity.com/hubfs/ 3 KB
2 KB 210ms
208ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/twitter_black.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd28cf99e2e8aa2015c80e6a4de778bf326824014f8fa42de3606f45b930b76c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 1448f69604d5be1f9c9f0c64cfa90594.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-26114461611,P-7048931,FLS-ALL
x-amz-version-id: XdS231XSTsQZlbZ2bdJrHVSVVgPTObTQ
x-amz-cf-pop: IAD89-C1
x-amz-request-id: GP1DQQ96MREKHPZF
edge-cache-tag: F-26114461611,P-7048931,FLS-ALL
cache-tag: F-26114461611,P-7048931,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /I7OX7+Wr+JAdvhxYvk1ig3878nJPaGNafgIs2QO6QJXh8CQ1aTY7j67b0Vha1vuXWM20uuPs/KVKC+Y1C4IRg==
last-modified: Thu, 20 Feb 2020 04:30:57 GMT
server: cloudflare
etag: W/"4a095070df5501e6303d14e972a0194e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hEVWNIPB1SjJuGyts6wXigbofgBoI%2FEHeIlOwdhIpo73VQ5Uk8FzHf4Re5cSJmKkbCnuDUp9t19L0qJZv5CQD9VOWi7DAFEp2U70DcPzERBxrA5gpJU1EKOYL8b6544m8b%2B0QNMp21PlUp9AtZP8BXgEg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7bfc08261c3d4bca-YUL
x-amz-cf-id: 1G-2F4dUA1CON6Q0EAZNAYnS5GNUYGH-yiwm2Sr-knncbDxdSE9OZQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 linkedin_black.svg
www.picussecurity.com/hubfs/ 1 KB
2 KB 281ms
278ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/linkedin_black.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34350dee947083733dcd88d858cf65df7a4f282846c465b8f9627090aa5da3c0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-26106634639,P-7048931,FLS-ALL
x-amz-version-id: cxF8LRaoHAeGt3BhM7bUzN7AlCshNAnL
x-amz-cf-pop: IAD89-C1
x-amz-request-id: AHGMWB0V1TSJ4ZGN
edge-cache-tag: F-26106634639,P-7048931,FLS-ALL
cache-tag: F-26106634639,P-7048931,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: qg2UQnKug31v6dOvnhX/T2zXx1kCbVUmhS+n3o3Ctp2bWfgKwp10bVaKuQjBOqaQYVOJfQedWE0=
last-modified: Thu, 20 Feb 2020 04:30:55 GMT
server: cloudflare
etag: W/"cb53f1d14fd4d15a3313d2a24a524fb8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COw7VOjpVMs6ULCoVDb%2FaJIN7VRnRI4pij2%2FDKb4DN6NqSSr9x2VgWVzMcch5753csU6YG4iiIpZHDEX3Sa40TJWrte%2F2MqFj%2FUB4JFOXqRAss%2Bbvu04oOIhywf%2Br%2BTKiGaSDbQNj3h5D2BoYQUI%2Besnnw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7bfc08261c3f4bca-YUL
x-amz-cf-id: NHJu_GUx05y9YAuju5cJNK4UN4dDXy9yDRx30ehvT_iFyx7RFPLulw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 facebook_black.svg
www.picussecurity.com/hubfs/ 669 B
1 KB 289ms
287ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/facebook_black.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8acd930d7a72da64980a950dea0c1507411900cb1459aa8c743e003df27444dd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 814e6200dbb5865e94b7b0c1ba6129fe.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-26106634638,P-7048931,FLS-ALL
x-amz-version-id: 8CJrjrvqFB2TaFMkKGP3y_iXgtaroa19
x-amz-cf-pop: IAD89-C1
x-amz-request-id: GKEB84M3K4AR9A9M
edge-cache-tag: F-26106634638,P-7048931,FLS-ALL
cache-tag: F-26106634638,P-7048931,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5oIowpCSf2HzqIefVjYXlLcyrqCyWbBdqQwVdGnQx22aWZobOqlSgLfS8oG6hqhQ9hlIiYfi4UY=
last-modified: Thu, 20 Feb 2020 04:30:53 GMT
server: cloudflare
etag: W/"655ebdf8c830e8540b691af2f06d81c4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xQHqIwqKz1mtTIs6kdwnchsWtSKazhGL7EJR4OlJnP6KGMqhIcv%2ByipjUIQhAz4wQj7Z7fMCqF7qmt4jVfFsDIJiL%2FfQ8X1bkoamBZFWdR%2Fm76pV37owUWjqQAsGK8KLITKJR%2B8D1mOY4Qw32ZIXFwa%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7bfc08261c414bca-YUL
x-amz-cf-id: n1ysHTvUKrbS4O53qFQNLL36H593iX2ofSpkfBtaZneZ48kPwlkSMw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 main.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300259976/1682685743830/Shield/js/ 1 KB
2 KB 329ms
328ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300259976/1682685743830/Shield/js/main.min.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef0a0e5bb796f1a07e8054e517e697a8d0b7d8c9017aa00ef4c54102312d4999

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: RHBNRRFYAKY5N43R
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"0a4a0bdbb3681558df4fee4c53905889"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682685744020
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: j.K08h250zgcFgjEsvyqkQqevCO_CAGq
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 157
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: x/8jmlrbeLU6HoByJtHaFaxmIO9urK8XwyF9YqZ5zpLOtYN0H1OibC7dfZQaJouERaOxrdD6pz8p3Ae6jtlteuFanMCe+wmdtYbgA0bE1TQ=
x-request-id: 21f60f35-cf97-4586-ac43-93143567ee5a
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 12:42:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W94PZSTQHVbJXZ%2F7fbnuBNGr4XHcwzEhie6rZsjvl6wpOnvDFFLXuZUWmDEpvuHE8e%2Fn1iFFATxelJDmSQ42m3QZRNX6l5XgFQfiBqunga%2FLNFCx2MdKVz4uhWjEVZu%2BnPtbihQzJC8ER5m02xqzqyyGHA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7bfc0825cb8a4bca-YUL
x-amz-cf-id: 6geXSJ6kJoqIgRX5Ufxnyjia7L7kS0WupPcfRIwTlZYwCcMSl3dZmQ==

GET
H3 200 shield-wow.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379253675/1682685740703/Shield/js/ 8 KB
4 KB 227ms
227ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379253675/1682685740703/Shield/js/shield-wow.min.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4efcc099f128e3655108f269adb8e838c24ee54d98c3903a22dec225e3e1221

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: RHBM8V5JPW2J1T1M
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"6309bf850dea6345af0b537f2e628964"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682685740979
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3Y6ojRbIJ3_a2L0i1cyLjVOzG5krJ8PT
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 133
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: PEy3sHpXbh6I/+vVrT1rmMzrAi+cmkURoaibvp/+3gQAZazh4mOXn/O6VXc5fGt5HBWEoGvNXJI=
x-request-id: 39c59d72-729f-489d-b37d-5fe0bd84d15a
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 12:42:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CeEg6WQGKQ3F%2FAVotgrD5%2Bon%2F9yaLkEU3c6UcbiikzRrNHT2Sorcwy9qLTklP8QfcOT5CLz3uKNvjRMF9Rrr0bFMlpSFWjlqfivHFGspPgvJ93xIi3XUDjYEtdhNcra8qScw9PdTQRDT7BYtAPFwhh523g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 7bfc0825ebcb4bca-YUL
x-amz-cf-id: ZDMBUVkucYKUR2SZx0zdGjPGByvs9KA52qIG_o7BsqmHkdltPAu8Rw==

GET
H3 200 module_39027676914_Mega_Menu.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39027676914/1682692023504/ 1 KB
2 KB 280ms
277ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39027676914/1682692023504/module_39027676914_Mega_Menu.min.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30c582f4480ac01ccc5d0040483b6cfbdef887951b12871cbd62b6ab7e6d0b43

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: YVZ0CF5A05JZGCZJ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"2e75b2ccb6d79ad01408224e3cf5f7d6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1682692023504
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Xo69.OkQB21AZMNoB0LhyBKHwseAGKUT
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 179
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Mplj7CIAQOu8letMcfp4HgHl3Ec7xqp+YfBthb0eZGSWXMh5791YbAeWJkxGkjat5ST4FbxNCkc=
x-request-id: fc43ad57-f880-426f-9915-53edc0f21f75
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 28 Apr 2023 14:27:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AasI3d3Y4crbFqSTOlKKaaitcgtff2Rpt0hwGzuupFAdYxpfEB4z%2FScEieI%2FE%2FLoR2nLin7d76P%2Ft%2BHtuOquHsi7HjpZ7VQLwxzFf4s8U1JFmSZEpe61nD4Lj7qkvsIrb9ooXb6BsPWR0cH9IEW4cJF6hA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials: false
cf-ray: 7bfc08261c234bca-YUL
x-amz-cf-id: 0iRH8WIOaQGFaVBpSwGJsxNGna53zgHycLDKl33e-4iaVvyEzlRNSw==

GET
H3 200 v2.js Show response
www.picussecurity.com/_hcms/forms/ 524 KB
171 KB 75ms
72ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/_hcms/forms/v2.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cbba247ca6de6962085423c671b17bd76d58692e32e8e40ad808a12e27bbeab

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
age: 94
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3102/bundles/project-v2.js&cfRay=7be7297f43a133ee-YUL
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"250bc2c0c0e298494335c72c83b09e23"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3102/bundles/project-v2.js
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 b471d3775e81a9be536b52b99f39452a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5gHIUZSUvmnzlEXn3ZiYc88hx3wrAZ6P
x-amz-cf-pop: IAD89-C3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 533411e4-5e46-41fc-9cfe-d9fff85ef461
last-modified: Tue, 25 Apr 2023 11:31:17 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KeQEe7SI%2FlF0pJ45R%2BHO2DWX5NPvlkiQgy5sK4TnIY8kYN4DpkIvXOnDLKwOn%2BUVs6AInqlFnXwOjrPoS8MT%2B0InxHXbySFPLpaIgG1%2Fbk83reC7sg%2FRA6OGzewCTtd0oHTyFHLK7SmTQKXHxJ%2BPbkK3Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-4lk5b
cf-ray: 7bfc08261c254bca-YUL
x-amz-cf-id: t7OsUNV0EggqRgc9aNKfITnqGj_d0sCrjy4Z-Q5JPfwr_PsOGSqHzw==

GET
H3 200 7048931.js Show response
www.picussecurity.com/hs/scriptloader/ 2 KB
1 KB 179ms
177ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 959a72ff1653d96c5907949f615d9ee1e53a38c8529ce77b40e0d8395d24030f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 65875a13-f94b-4441-83a4-984d6ff14c1e
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 30 Apr 2023 01:32:36 GMT
server: cloudflare
x-trace: 2B569385AC2686E2EB3434B968E27C79CD45FB0E8A000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fIP3xk%2Fg4X6F5rRvXpF2SkYibV0gAQD8byZndKFC%2FHWCrrA8a9Hl%2F%2BJmWVbpBbH%2FT44gqrxkzH7m7mAhvdioBwkCHwywS%2Fnq%2FzeQCmjH0x9bbD4aDNZbBkfS%2BpBUcPfO387qfUkPst9Hg9EhRwI9Jd9h%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 7bfc08261c424bca-YUL
expires: Sun, 30 Apr 2023 01:33:36 GMT

GET
H2 200 css2
fonts.googleapis.com/ 12 KB
846 B 37ms
36ms Stylesheet
text/css 2607:f8b0:4006:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800;900&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

910f1b8952bd56ea24508baf61956e59ccd2fc22e4069201300f891928f736a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 30 Apr 2023 01:32:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 30 Apr 2023 01:32:36 GMT

GET
H2 200 / Show response
pageimprove.io/ 13 KB
5 KB 89ms
13ms Script
application/javascript 34.117.30.33
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pageimprove.io/
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.30.33 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 33.30.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7522c2cf228f80d9b1af1172f45d04b729d43dd8b9fc7cccb06eee2dd9629fed

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:10:56 GMT
content-encoding: gzip
x-goog-meta-goog-reserved-file-mtime: 1678466226
age: 1300
x-guploader-uploadid: ADPycdt3SLzWPB2rG-cye8m-2EmMd6C9G5Fl5atC-AHfXvO-isBpdjY6cW8IvJFzMmUDaMtwzR2e0y9-K82m4wSS4ecoMC-gsZKy
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4157
last-modified: Fri, 10 Mar 2023 16:38:51 GMT
server: UploadServer
etag: "432676a5846e294b1a77d1170fa3e21a"
vary: Accept-Encoding
x-goog-generation: 1678466331593232
x-goog-hash: crc32c=b8Pcnw==, md5=QyZ2pYRuKUsad9EXD6PiGg==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600
x-goog-stored-content-length: 4157
accept-ranges: bytes
content-type: application/javascript
expires: Sun, 30 Apr 2023 02:10:56 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 110ms
27ms Script
application/javascript 54.192.121.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.121.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-121-18.ord51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:12:14 GMT
content-encoding: gzip
via: 1.1 f272f18064d81ea799c663dff05f02d8.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:48 GMT
server: AmazonS3
x-amz-cf-pop: ORD51-C4
age: 1222
etag: W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: hbH-hgJc_jLXeZpUa-cizOQvTFvsZo2W9P1yxnEazyN3oRXr_obRAw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 232 KB
79 KB 94ms
46ms Script
application/javascript 2607:f8b0:4006:80d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bda5d2129fbe423e6a9d5688f04ac8ea083052c3e38056ada7672f8ca1c38dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80193
x-xss-protection: 0
last-modified: Sun, 30 Apr 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 30 Apr 2023 01:32:36 GMT

GET
H3 200 mega-menu-down-arrow.png
www.picussecurity.com/hubfs/Shield/Images/ 121 B
1 KB 259ms
259ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Images/mega-menu-down-arrow.png
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/1682692023535/module_39027676914_Mega_Menu.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca9938198df5338b37787f18dddff8e8daa40170bc0cc39e6158c2280855e774

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/1682692023535/module_39027676914_Mega_Menu.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
x-amz-request-id: W6EG6XGSGXTS02K7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "8e2b3f8a9be7c266f20ac70b5ef7c9ef"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1608564034330
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: oVZ1tmPGae_LgGyoO.g0kL81yj6KC.HE
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 121
x-amz-id-2: 7qUdZy8w1XLh/CAO4vs19CRDJcyyCCNjFV23wuNGny16xoWskxIxVCdONUU/RuYWK6d6bmLIN/Y=
last-modified: Mon, 21 Dec 2020 15:20:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pY0%2Fy9eYMVO7IN1Tl30deUlheye%2Btf9f4TtGdNwCFqfIpfMOvNBrso%2FvgddVb8tcZtt98rFyLiYQtoCYYbJg6vksHcj7evQF3MdzRBIVQ5LU44kZCi9z6h7HtesgYbnQIYjCZcNny3FBzLFgceWHhaU03Q%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08263c734bca-YUL
x-amz-cf-id: dplcMPUXbQOEhpshmJUyKxbBPhopLA2OJxtdLENmil9S4nihAdLeYw==

GET
H3 200 image%205.png
www.picussecurity.com/hubfs/ 2 MB
2 MB 373ms
372ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/image%205.png
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1402775094c080fbac255124fae43c0f2f2f103b6857a0b106c8e36daa79ea3a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38790288864,P-7048931,FLS-ALL
x-amz-request-id: QTJG4RBEPWPY6D1E
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38790288864,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "63e481c04aad6380b49baa9f9ee0130f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1608044640588
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 70k6JO2hVJ4CcG.ALOg3O57gyh1pV_aC
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-38790288864,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2321336
x-amz-id-2: oq/pniG5TB6Ve/kQIUyJGqrwzWNLJm87eYHevR6H02Vfc7aitYCymAhOIHgwcCrLim1gCAYkAuo=
last-modified: Tue, 15 Dec 2020 15:04:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O7pUcbmS9rpyUmcwZVVkdFn6MeafeiWA%2BlsrD19UcGoyqqsAEp7w259LGqCmb%2Bo6ApU79ViMLuOkEg6RqNWCG1fR8CfGYAK%2Ff9liJlKNnpUvG7ynm3pC1phsB5veg%2FTJwc7fqhCMsuI3B0LQvW3yJyIe9g%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08263c7d4bca-YUL
x-amz-cf-id: nC_xmPrAfGlDuFVmYuzDahtVlljnUj21AlLvn0m6xaD-soikN57vMg==

GET
H2 200 background-pattern-20.svg
7048931.fs1.hubspotusercontent-na1.net/hubfs/7048931/raw_assets/public/Shield/images/ 1013 B
1 KB 501ms
460ms Image
image/svg+xml 2606:4700::6812:f0f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://7048931.fs1.hubspotusercontent-na1.net/hubfs/7048931/raw_assets/public/Shield/images/background-pattern-20.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3145adf1bffb7600649b9ec6dfc09809307e270dbe6283dbb3c217677a33a2e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
x-amz-meta-cache-tag: F-32587224910,FD-32294001075,P-7048931,FLS-ALL
x-amz-version-id: mViV1q64F1is5e_tSVdlZtjxaYvXeqgy
x-amz-cf-pop: IAD89-C1
x-amz-request-id: 31V2BEX2A9QFPAY4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-32587224910,FD-32294001075,P-7048931,FLS-ALL
cache-tag: F-32587224910,FD-32294001075,P-7048931,FLS-ALL
x-amz-meta-index-tag: none
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-amz-id-2: HrXGuRX9314Ncr1SjclxJydZhSflOWHCHcWn8J7TxnZT7usq+XfhLAPyhzdXuYkwv6btGMonQ8I=
last-modified: Mon, 20 Jul 2020 13:27:49 GMT
server: cloudflare
etag: W/"399b73fe70f94e2b0fe7d2a023265e66"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1595251668028
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 7bfc08267b537136-YUL
x-robots-tag: none
x-amz-cf-id: 3_ct63-7CB2vUCoed6kN5CPqM5uUsdjdHVtd3V2GEtmWT4qZto5vuw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 discover-latest-resources-background.png
www.picussecurity.com/hubfs/Shield/Backgrounds/ 154 KB
155 KB 281ms
280ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Backgrounds/discover-latest-resources-background.png
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d33d13eb7856b3d2f87532c02b56bb48c9fa8511633ca8b256afc8b88deb5838

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-48927946102,FD-32488148221,P-7048931,FLS-ALL
x-amz-request-id: 5F6071QDBM3RZMX6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-48927946102,FD-32488148221,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "477599939a85ac3e0a2b8a9355bafc30"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1623857145292
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XcLnqw1KV0.7BvpT7VMk6DJgTZqKI6GS
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-48927946102,FD-32488148221,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 157236
x-amz-id-2: eqAeug2zuQDKLVFP4yfeRaGTj2xmS3zEabi9N6E5w7gH6MCEKhHWLO3yc1/6V0rW1O9bGpxiTSs=
last-modified: Wed, 16 Jun 2021 15:25:46 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cO%2Bw20DdhXEfeRDwbqlqbpYFBZ%2BV8Hizlu2scqxZ8L%2BQHBZgdb245jDPomdQyVafThMwQfMv8BGHm92DJPlVec0BfSxeAVYY1Ojv%2BFVxZVxMsPMW%2BTeDdGdITMLwzrJUPxWJoIjfhs3b8yXfs6z58WIf4g%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08263c7e4bca-YUL
x-amz-cf-id: MfmwHnXG7qHnmURE0EZ23Q5pXoyKtNh0UxE6JdImVpyTDovKUxh5yw==

GET
H3 200 Website%20Landing%20Page%20Banner-2.png
www.picussecurity.com/hubfs/ 4 MB
4 MB 246ms
245ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Website%20Landing%20Page%20Banner-2.png
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91f2c863f01c079244c565ac2e597291b43b6e454475545f4b241c730c432f09

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-37343795757,P-7048931,FLS-ALL
x-amz-request-id: Q80BHN4QS4RVYAH5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-37343795757,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "d84c42b91b2036bbaf9a73b2d0c62bb8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1605011958120
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5sqR8HPPXslxLo6jVkjczIm6nuxnafvF
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-37343795757,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4215824
x-amz-id-2: KVJz3w/g0+gsWg+v1DsDADE1gfDHLMRA3qsax21FzOCi+LEKl8X8s5BsQqv/49vSXzJ4d3P53zw7VEUCQLTSOw==
last-modified: Tue, 10 Nov 2020 12:39:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmqtRbrYEME0Ly%2BjuH0Xyf%2FlLSp%2Fiv5Z%2FphFGPwphKjgEQczUxykQtki9kxIN53EcwB7LXifh4JuevTMBdhOWt4yGFabMzgM6FJkiipiENm2u0LV94jMiD3PStVu5u8PJu7j4OpzTFJhDKPWUkoeHpJALA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08263c7f4bca-YUL
x-amz-cf-id: pRM8HW7yPvDoVObBoV_DNa5oEwR-RW5y9HDr7AwrWNJAezq1JWUNQQ==

GET
H3 200 9-System%20Information%20Discovery-2.jpg
www.picussecurity.com/hubfs/ 993 KB
995 KB 217ms
216ms Image
image/jpeg 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/9-System%20Information%20Discovery-2.jpg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16b84aa6e5c0082d1394fe06c80ca2267d7cee80fdea7916193a87e6305d4f38

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-34232797406,P-7048931,FLS-ALL
x-amz-request-id: W6ERYT0ZE05WX6DF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-34232797406,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "6fedded8915befde1c5dedbd1840a7e1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1598616054849
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: DyLAoIj2eWckgjLsuKtTJ9tn.zfS_kGK
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-34232797406,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1017184
x-amz-id-2: d79ayWD+AWVXlUMcze7pdCgr3Qw7byCXGoDoefKDfpBjl10ReE3kEza1iQuUcv4tmg6tpp5orm8=
last-modified: Fri, 28 Aug 2020 12:00:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uq66mRapYy%2FaQIcG%2B7rlynzWCutxmtzvwYC0cWqPGMzM84d0xSTcWZuQS95WRXEzdXk5P9e64wb0ekbAHCvcci%2B7grCFXkwQCcQ8pIj96NgZXnxPm7750HiYZ%2B9vePvK%2BzUBnUXvSx9WIsb%2BWU6u%2F16mIw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08263c804bca-YUL
x-amz-cf-id: -hwSdo3E3cP5sLfPc6K3ii5G9nCWeD9wkgaMcV0P7I81LnG9od-TvA==

GET
H3 200 General%20Social%20Media%20Sharings%20%285%29.png
www.picussecurity.com/hubfs/ 135 KB
136 KB 240ms
239ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/General%20Social%20Media%20Sharings%20%285%29.png
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e41bf03e20a308c2b0674b112c492575ec632eb0a5cf5032bf091e1536a937ba

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-42820152115,P-7048931,FLS-ALL
x-amz-request-id: FM0STBZM1AGS00KA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-42820152115,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "2bf4058027a974bba64dc10a60fc1131"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1615380768682
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WKVYjnG8GBRgfW_pyBG47H1lzFop45Jg
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-42820152115,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 138183
x-amz-id-2: SeLAeDI6OU8WeL0UP0wMEzzL34ZJjb2QwKndOX7pA2mOL2346z2a7pJ2m3Yz/yP+0ftQsdgRDTcGoKQalpmjFZviG8kigNzBexreKN0vtjk=
last-modified: Wed, 10 Mar 2021 12:52:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpxFaDhUtAp3XNB1AHuL5qT6o2Oftd6B809ucl7Z%2B6s3Qe71Z97G5xQJtfMI%2F9P9Q6xX87TFwIXy5CYrzTrVYH6poXSJUALs5fnVFNEj40zpNpHnCia7XFp%2BXVsVR%2FomVVR5unBTXmcoZ7SAl8QXqxLtsg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08263c814bca-YUL
x-amz-cf-id: lywDq7rUw6lfdXgP-IprfKBZYjuW26wOwvv9Mmp4P0MtQMFD3qNPEQ==

GET
H3 200 picus-cta-banner-blue.png
www.picussecurity.com/hubfs/raw_assets/public/Shield/images/ 26 KB
28 KB 568ms
567ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/raw_assets/public/Shield/images/picus-cta-banner-blue.png
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 918fee3ce7b66d4eb6b8c84cabf46beb8b76a888ae71ea44ff2a168dbfb70d4c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-32961024991,FD-32294001075,P-7048931,FLS-ALL
x-amz-request-id: W6EKCX7MDY1JDANS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-32961024991,FD-32294001075,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "a60223f88985cbb892578da33c9c7aea"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1595938893417
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kFBsfNFhuTweyGPHIaAy1K.qQ47dB5Pf
x-amz-cf-pop: IAD89-C1
x-cache: RefreshHit from cloudfront
cache-tag: F-32961024991,FD-32294001075,P-7048931,FLS-ALL
x-amz-meta-index-tag: none
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26958
x-amz-id-2: hIL0Na267avH0ZPFYx0LH2gJZAeKA4Tk97KC6beAUt5nV/H1vEKhLqo/QCE6RgVD2/Fk95DP7ZkTgHW+fadiKsEfHFFqbX0ormUwsF7UKVY=
last-modified: Tue, 28 Jul 2020 12:21:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEKa%2FakWNIAteausK7lYDK%2BA2FMZWsEOsW8K82PYuu16OJqBYB%2BMdn6Zgr4GCGHZ2%2B0PHqV4%2BP%2BcIEh9IlefUdQTIx0%2BbEdn%2FSDg70BdSJ9XszOalLmgoSjYR5e4%2BE2lAxhZc63Ypco%2BJil42LiEkyJENg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7bfc08263c824bca-YUL
x-amz-cf-id: NHDJP1fWbgZBv7L7-C2CIMwFCAO5xDZsmlls-dChYxhtEV-W9aOtVQ==

GET
H3 200 background-pattern-footer.svg
www.picussecurity.com/hubfs/Shield/Backgrounds/ 1012 B
2 KB 569ms
568ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Backgrounds/background-pattern-footer.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d74aea3ea1a09d7239128033be4a712352c7d38e458103f16f27c9446e8b329

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-32488001577,FD-32488148221,P-7048931,FLS-ALL
x-amz-request-id: J2TFH97XRZZ8H2D1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-32488001577,FD-32488148221,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"5d838d296347ac210f658dd228f5e4d5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1594983750124
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _FuCvoAKP6E7gHr_urCXSjMGDpA0scJz
x-amz-cf-pop: IAD89-C1
x-cache: RefreshHit from cloudfront
cache-tag: F-32488001577,FD-32488148221,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XTtc+zCLJe/ywneXCVxxY+bNSSgkewRORIdSKq1VUS5CIkFvcHn4Fdmrj81E+oPvuOSbsw4Cfq8=
last-modified: Fri, 17 Jul 2020 11:02:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBkomhWa%2Bw05SDxnjaRwjMV1C2%2FonF7zEhzfg5VI76kzi0Xb6L0a5ACAqvGp1v9c7ckWZE4L1CLUIH%2BsgmB0WGGt26wgpBrQibHtW%2BChe0OIgifGw616Yky4%2B24RFstJyRA1LzuajXhD5Ho6cEDFcLdFog%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08263c834bca-YUL
x-amz-cf-id: XlwFscM0UTvvRG_2ZlRAh_weHRDU3hCuWji1S2RdRsHleGToZ7lEHA==

GET
H3 200 shield-navicon-dropdown-efefef.svg
www.picussecurity.com/hubfs/Shield/Icons/other/ 269 B
1 KB 569ms
569ms Image
image/svg+xml 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.picussecurity.com/hubfs/Shield/Icons/other/shield-navicon-dropdown-efefef.svg
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1211b9bf5f5278b9d2b064e35be18c27e3274df41a3e348118b713c7a696fae0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1682691954399/Shield/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-34505653174,FD-33856159417,P-7048931,FLS-ALL
x-amz-request-id: NJ8MMFXWYX3V6G27
x-amz-server-side-encryption: AES256
edge-cache-tag: F-34505653174,FD-33856159417,P-7048931,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: W/"ecae414d7556d9ccd065fa370783175b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1599224683583
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: vDQsdUy4ve2mxuhK1StbfxDEwO6rRfAM
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-34505653174,FD-33856159417,P-7048931,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: JVQSWdqcKxvrlr5pUWcguefXqrLwVs4VHaBN1nHQOkRFHNqnMVk5l3orhNRdrp/Gu9YtD20CAnI=
last-modified: Fri, 04 Sep 2020 13:04:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMyuL39QdsTclfSc6%2F5uWnd7gAc2pvv7x9t65yN5p7QMt7CICCl72srRK%2FHXWxlcdcjvGH6pwD%2FaKZ6FZGE5x%2BXB6yljX4FyGBXn4FFRW5khfe0BOriFqraQ6wwcfR6R6dc9lXbQD1Z2b8Tg2HrEu9aLLA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc08263c844bca-YUL
x-amz-cf-id: zwZ1lv7yuXllU_QDUoC8NLBaE8cX46e2AuoAZFEEpmyeiouPZHgRvA==

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 73ms
19ms Font
font/woff2 2607:f8b0:4006:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 03:10:15 GMT
x-content-type-options: nosniff
age: 80541
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37924
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 03:10:15 GMT

GET
H3 200 700.woff2
www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/ 16 KB
17 KB 569ms
568ms Font
font/woff2 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/700.woff2
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d49b29e1ac3adeb18c787584abb252d2e1bd2f6f07b13fb612d3c6214e43c4

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires: Sun, 14 May 2023 01:32:36 GMT
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 ae4e162eb9c0a598fcb6475e70daa530.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xFTR00AhTlEpSDhxVv3zCvhxjxBF8FHu
x-amz-cf-pop: JFK50-P6
x-amz-request-id: NFSBAGS3JJPH70S2
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16420
x-amz-id-2: Q374EwZRiyG7S7T7CHgVU7ozvv8mOvA8cFDQZ4qrDPguV5aEXeVRdcRsgENiMRdEMQcoPV77bqcE0dOtrCs4z0gXQG5kP4Uo6vCv7sHDHWI=
last-modified: Tue, 17 Jan 2023 21:56:30 GMT
server: cloudflare
etag: "1ace9de66f256d5dc301dbd06c1bb256"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2Bw8pXYIq3XcQRdF459C7LYbIlV8huLKxIIlWPVrbCw6z7CTrEuLdCOffTOh%2FVX4v3Zg%2BVEKeD2D9ZjfzlM6jF5if8H6F58WSDVoR9eFftAj88QEESIQV%2BOBbECnpB81aYLoeLxWymoUEkEwEI5mVQI1%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 7bfc08263c854bca-YUL
x-amz-cf-id: twt3Ihny4svyREZyijFkuYeVgqL2FR-tCcQYyrNTUSzgaAMoDsFEDA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 regular.woff2
www.picussecurity.com/_hcms/googlefonts/Inter/ 96 KB
97 KB 555ms
555ms Font
font/woff2 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/_hcms/googlefonts/Inter/regular.woff2
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5b3faf5ec92b8291684bf008308c4248ea2f6a1d05c7eec98366e08438a56b7

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires: Sun, 14 May 2023 01:32:36 GMT
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: dq8vhCSi3adfa5VbhrDa8AtNcpO3Zcej
x-amz-cf-pop: IAD89-C1
x-amz-request-id: QHRV0B5N3G9HXH5P
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 98060
x-amz-id-2: xKzKomA1J/eK67lzyq0PeK8hrMVcAAsjZ2408MXSg92YbBBdELnO5twKlQ1EpVzMm2UIVMGvNpo=
last-modified: Tue, 17 Jan 2023 19:06:37 GMT
server: cloudflare
etag: "bd78957b1fccd36a135d9af54373cc95"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BB2S3%2FGy9TsTrv3mS%2FS7EfqQHgEaWrLopQ%2BbUCdwDI5D1lbVJWbNxE006nyRbbL2LkSqE5YkpItYg9tHh0ORH6%2BOJ3%2F8NoNJf8GS4WKnEWTNubSB4jwUQPft9if82bNi55NCOy6OVOT7nDGL8pW%2FoX7MvA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 7bfc08263c864bca-YUL
x-amz-cf-id: ngtn1b-4F9ZsjuObt4wZm94Cz1QoH_z-Lu1tPeiFwvxHKi_5A2DpBA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 regular.woff2
www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/ 15 KB
16 KB 557ms
557ms Font
font/woff2 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/regular.woff2
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 854984ae44d6553c9692cb76fc0602c6c0ca25a2c0b1183c3d3c584c248941f2

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires: Sun, 14 May 2023 01:32:36 GMT
date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 c7f059cae2da7d584bee2041395eabe8.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: iIvJjdHQuk1YcXjIC82wk8LokmPMDEww
x-amz-cf-pop: JFK50-P6
x-amz-request-id: CX90973SQEC8S97E
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15544
x-amz-id-2: tw2pFyAAL53+ouEDTPt7dm5E0EEjUFmHX8MsSMbk+0zWfPUdloCwDN5gcBa2Et+5FRsFZSIH82E=
last-modified: Tue, 17 Jan 2023 21:56:33 GMT
server: cloudflare
etag: "c53f445b339223d730c0d8ccf8031930"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6jbIVIEI2use7sNDUxxCbIbNPYOoNWGPYum814c8QRXT1hgofNJwZZb9pScpz3WFUbhW5HFd3JWM3cqA4YAcqR14kUmHzl0e0P2WbXMPvry4%2BLkzuoSpV%2Bl8BQYTg5pi%2BD9XFF3bdBn8D%2Fs6RIpBWy62g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 7bfc08263c874bca-YUL
x-amz-cf-id: BK8UaWDPA3GNL7K8LNZ0ItxPNZKsCH4jMHl_gtYOPJOulgjA9yoNog==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 BAS-Mock-Up-1-small%20(1).png
www.picussecurity.com/hs-fs/hubfs/2023%20-%20Optimization/ 31 KB
32 KB 520ms
518ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hs-fs/hubfs/2023%20-%20Optimization/BAS-Mock-Up-1-small%20(1).png?width=329&name=BAS-Mock-Up-1-small%20(1).png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0546b1884b747fa252654e17648d04c5648eee2379daa3422943d50c02a59d4b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-106611340645,FD-106424384934,P-7048931,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31547
cf-resized: internal=ok/m q=0 n=94+0 c=1+26 v=2023.4.2 l=31547
last-modified: Wed, 15 Mar 2023 13:46:35 GMT
cf-bgj: imgq:97,h2pri
server: cloudflare
etag: "cfavBT5HL45JZS7Vl7tH0r2X33XbrdjO6X7I0F61IADQ:705e4e397cf0a1e2e5c2d0f93b1e894f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QYOPmLhviUTP0UOsoKoLyfDziB6XY5Q%2FgmkE%2F%2FyAyV4uz%2B8adXmULD5%2Ftb5bPZwYiZKp3jhlEQjjs1JGLLfjeKFXDsGkyuMIZx4e5ZgLDOT9cezr5xfgUFce3n4ULe1Cp6dmECBnZgVOaIMoGB23S2Rl4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfc08269cfd4bca-YUL

GET
H3 200 Picus-thumbnail_Ipad_Checklist%20(1).png
www.picussecurity.com/hs-fs/hubfs/2023%20-%20Optimization/ 21 KB
21 KB 507ms
505ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hs-fs/hubfs/2023%20-%20Optimization/Picus-thumbnail_Ipad_Checklist%20(1).png?width=246&name=Picus-thumbnail_Ipad_Checklist%20(1).png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

050e70c29b7d7e484f6df0351fb6f40e701630ff0ededb8e0c9bf8c567d16c2c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-106597060365,FD-106424384934,P-7048931,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21175
cf-resized: internal=ok/m q=0 n=152+0 c=0+16 v=2023.4.2 l=21175
last-modified: Wed, 15 Mar 2023 13:47:44 GMT
cf-bgj: imgq:98,h2pri
server: cloudflare
etag: "cf2DLgm9zpn5ogEJX5l2nEcow-jHUPFYPYPvtVlj13DQ:7d22f1a899e14770aa6b60b3c01c28d0"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cJnzFhGbMRKizeGpGleHkum7%2Bd%2F8lwk8iJgx7NURDbRzeohylf%2Bnus5F%2B65SyRakdyr5mEXOuVVaXUKY6NhOAW3QR%2B1RM9ToOVL83LfVxXZehlYmRFxWhfm0qoctTRRxSEFVEkx0XKSL7uMnxjWI1hZ99w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfc08269cff4bca-YUL

GET
H3 200 picus-global-award-2023-learn-more.png
www.picussecurity.com/hs-fs/hubfs/ 14 KB
15 KB 80ms
78ms Image
image/jpeg 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hs-fs/hubfs/picus-global-award-2023-learn-more.png?width=288&name=picus-global-award-2023-learn-more.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

86335921874ad6120c0dbfcbf083f4556493d8d352791305838d905d2ef5974b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 2a78cba32e1e70413cb851835f0eb89c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112906604447,P-7048931,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14770
cf-resized: internal=ok/m q=0 n=138+0 c=5+28 v=2023.4.2 l=14770
last-modified: Wed, 26 Apr 2023 20:04:39 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "cfX-xpuq_zn-csG6_ANp5l4SjMYNLV2FNHlLWajg41DQ:b61fe3317108d452f2b99f231e96a7e1"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QqB0qPB23gQHn8qeimvMkOI3cPaBgvcdLTt0vnY3Nj5aUKUXlzX%2F1vSm0w4k%2Fvf8rIpfNtoTJZcY6I2X7JjKNdO7PESkuBqcw%2FYwadjg4Zj2HR6EpOxQ52TQStkDxo9YoZPkvGsWuMC4hKnY9hL%2BaUJbnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfc08269d024bca-YUL

GET
H3 200 RSA%20Blog-1.png
www.picussecurity.com/hs-fs/hubfs/ 17 KB
18 KB 76ms
75ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hs-fs/hubfs/RSA%20Blog-1.png?width=288&name=RSA%20Blog-1.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e1b90d8d7751a7342311390081c85ce3089da757450a1a6c2be1fa3cdc706e0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 fadedfea448fa31cb8aba15ba1b05064.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-112759929116,P-7048931,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17473
cf-resized: internal=ok/m q=0 n=205+0 c=19+36 v=2023.4.2 l=17473
last-modified: Tue, 25 Apr 2023 18:46:23 GMT
cf-bgj: imgq:95,h2pri
server: cloudflare
etag: "cfR6eOCwua6emCUSmFdq1LhBULYNLV2FNHlLWajg41DQ:756df957ac2b57ed799134f4cc5c6592"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vFd8skqLAS7sWqfhlyNbzkcEDYHV%2FmBdueIxriKMVO6k8OSp8jVsZNGmKSHTQhsQqSeDRVv7Phl%2FTbdn2rH%2Fx8Kt9nXtsCtuiWcahHnyzBShtTs4vIkgsZ9TwhPGh5mE4iud6jrjJR8GC0B%2BsUT2F22Dng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfc08269d054bca-YUL

GET
H3 200 image%20(17)%20(1).png
www.picussecurity.com/hs-fs/hubfs/2023%20-%20Optimization/ 20 KB
20 KB 508ms
507ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hs-fs/hubfs/2023%20-%20Optimization/image%20(17)%20(1).png?width=260&height=333&name=image%20(17)%20(1).png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

676676c35e87b7746f8d7b9376ab991a2179b37a3c788f91c4888ca2f26a08e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-tag: F-106609673565,FD-106424384934,P-7048931,FLS-ALL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19997
cf-resized: internal=ok/m q=0 n=140+0 c=2+29 v=2023.4.2 l=19997
last-modified: Wed, 15 Mar 2023 13:50:01 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf9SQ4OZ6OhSzUkhENjMee58d_offrrQJmkF5SnCr4DQ:e4d86cf3f0af0bc42564d8b4f4192167"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EeAt1Q1DTasPM9qkdNEDWS%2BUC1sTOd0M279uFGlMVaDZesBtmWIqGzWjX4PQREV3gj2KNMFDKkrhh8M9XkWAsu6LifbrBhsPvbwkYuxzhiEgNUhIABaQubhBHgHI4aK%2BOlKqquIQDzeyIR9TY%2BCbNa%2Fk5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1209600, s-maxage=1814400, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7bfc08269d084bca-YUL

GET 0.json
pageimprove.io/s/87e36deb-3baa-4073-8132-78c55a109492/www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach/ 0
0

GET
H2 200 / Show response
settings.luckyorange.net/ 129 B
748 B 962ms
910ms Fetch
application/json 172.67.75.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&s=202290

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.75.100 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4aedc93d1c0050ee019a0f8a838d5de2b64ca89662eb31c45e04da5d3f09b4f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.picussecurity.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w8QnK%2BzeTttXFfFnD4vZzlMeIWpYN5T6PzjSgVKm854mkEStEggELkKmD%2BKvTwnvcBEs5IdTl2cqr3o6%2Fbuf4ms4UhfA4Pj5nIvBevJR7yR197eM%2BzuSYrfjxA2q5xur9vJi9PwaOAXSmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 7bfc08272d3ba1e0-YYZ
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 a33e3dc0-7316-4f7d-8ec0-244dbd62e401.js Show response
cdn.mouseflow.com/projects/ 62 KB
18 KB 86ms
30ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mouseflow.com/projects/a33e3dc0-7316-4f7d-8ec0-244dbd62e401.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: /
Resource Hash: 565919380e5f80db6b4eb9f3413feba2322b4074312c5db301aba17b768e762a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: gzip
last-modified: Sun, 09 Apr 2023 08:08:00 GMT
server
etag: "a4f0f066ba6ad91:0"
x-hw: 1682818356.cds179.dc2.hn,1682818356.cds089.dc2.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 18026

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 67ms
20ms Script
application/x-javascript 2600:141b:9000::b857:ad5b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000::b857:ad5b Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=11499
accept-ranges: bytes
content-length: 4777

GET
H2 200 tracking.min.js Show response
t.visitorqueue.com/p/ 8 KB
4 KB 145ms
18ms Script
application/javascript 2600:9000:2512:6a00:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.visitorqueue.com/p/tracking.min.js?id=67ab0ee7-fcba-400b-8cb3-db7bb1cc0033
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2512:6a00:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 48c22238a7c255b1e07ad60d097624a33f88dea18e6551f5a2012ac9e17bdba9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: 2_tEq0cgWOMi4ThJsBGbeTCbWkYZyh_J
content-encoding: gzip
via: 1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
date: Sat, 29 Apr 2023 08:16:13 GMT
last-modified: Tue, 25 Apr 2023 11:11:19 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P7
age: 62183
x-amz-server-side-encryption: AES256
etag: W/"646a63950383545c112b1e0961d07a19"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 98RkWIppl5j57Cx0icM6QimNwPcnypSzAVEs-XUl_hj70HWKizEuHw==

GET
H3 200 json Show response
www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/ 10 KB
4 KB 247ms
247ms XHR
application/json 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/json?hs_static_app=forms-embed&hs_static_app_version=1.3102&X-HubSpot-Static-App-Info=forms-embed-1.3102
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7de43cd45503e957602fc896bd8af5ae0556e3e8564bf0ad803130ca3948ff4f

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 78418b04-50e0-4824-962a-5effcff5acd2
x-envoy-upstream-service-time: 24
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 69fe2bdc-87f2-43ec-80ce-43ea2f59e61a
server: cloudflare
x-trace: 2BD6FCC91204AA0EA029424CD933DE06C73EDBF4F2000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-th6jg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiBhfHkcJSTuPeGqPwhGKrdWLYKbowdbvOUcTQJVxrDJxOIcdAnZ6A8TgXM7xxOk8SAHYSRwlvonaR12mU25oJPryHLP9Fp6JfppepYbQ%2BziTLo2nOsQsM21xOm9IG9tGvCY6ujF91JPOsMauMHIt1hjrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc082838304bca-YUL
access-control-allow-headers: *
x-robots-tag: none

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/json?hs_static_app=forms-embed&hs_static_app_version=1.3102&X-HubSpot-Static-App-Info=forms-embed-1.3102
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7de43cd45503e957602fc896bd8af5ae0556e3e8564bf0ad803130ca3948ff4f

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-origin-hublet: na1
date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 79bc4523-f76f-4745-9a38-f1a0aa7993a6
x-envoy-upstream-service-time: 27
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 450806b9-bdcd-4408-bf49-497189dbebd1
server: cloudflare
x-trace: 2BD0A8C5ACB77B00305ED344EA1FF61A42C8E7DDBB000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-bmnkz
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZS%2BH519i%2F3bvikpQfcWZzG6Ig9atxEdbYV9WCLvFxALKHya4FzIc6V%2FSeKVfPF4bgQ9%2BhmYVN9QYSmb9SwRg1YFDVd3kDccTg3qXC2XpW8rUE97zQ1yCM%2FN%2F2GNKQmgyMOG%2B%2Bgo9xIgi8sCuDVA7IU%2FXA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc082838324bca-YUL
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 144ms
44ms Script
application/x-javascript 2a03:2880:f011:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

54d4ed910270becc16fa9e4edbd3b6bbe5b9800fcb093ceb2af4a627b5797a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 30 Apr 2023 01:32:36 GMT
content-md5: r+Qyl9PFEtZ+rkezI7WTDA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: sK63siSQjQhPBgXNJV+qJSswvz0EhXC3gKXwzDf5oaGXO9vNpy1Pcj56LStjG4VkrjDvYO8NIFQWpcui9L1a+A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 2074150462
x-fb-content-md5: dfe2f1de5307453403ca3e28d03b66f2
cross-origin-opener-policy: same-origin-allow-popups
etag: "e9a4ef7a9f8becf807cfa9b0ba159869"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Sun, 30 Apr 2023 01:37:53 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 101ms
18ms Script
application/javascript 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D11) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 01:32:36 GMT
Content-Encoding: gzip
Age: 17
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (nyb/1D11)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 7048931.js Show response
js.hs-analytics.net/analytics/1682818200000/ 65 KB
21 KB 156ms
110ms Script
text/javascript 2606:4700::6810:8ace
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1682818200000/7048931.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b260fcd4a88bb5de6f203ec09575535a0b19caa9083de9ce7b09560f27c3415

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: QTJP5MM7H30HKBB8
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 23
x-amz-id-2: 7iACgK5Px4H1wAw08KCA5nDumUbGccGvbv+1DVF288Oi4GLa4mH8F/DFRz9zx3fVSU5AzXh8ZdA=
x-evy-trace-listener: listener_https
x-request-id: 835963c0-f3a4-4870-b607-7ea7061aea4b
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 20 Apr 2023 09:47:05 GMT
server: cloudflare
etag: W/"b0d470778a0137943faffe0679c6da9d"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-5wkt9
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7bfc08288e247148-YUL
expires: Sun, 30 Apr 2023 01:37:36 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 124ms
78ms Script
application/javascript 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 798d10a2358bf2bb2383db429dbd3872c61623eae564f5ec4b35cebe16e8d3ee

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
x-amz-version-id: aBw9KhRIvCv.ZxIPDLAZZBBgMDNKkxQd
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
cf-cache-status: MISS
content-encoding: br
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.362/bundles/project.js&cfRay=7bfc08288c534bb8-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 8
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1f7321be-8469-4b56-a50b-0aa5c19fadd3
last-modified: Thu, 27 Apr 2023 09:01:08 UTC
server: cloudflare
etag: W/"bace8c71ddeb09e8dcafa17e11c33f6c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-dx4mf
cf-ray: 7bfc08288c534bb8-YUL
x-amz-cf-id: 8plUhJQPrRKjusQ1Xtbizzu7BXzFHz2vz8r0TPNu9QcM6maJVXDfEg==
x-hs-target-asset: collected-forms-embed-js/static-1.362/bundles/project.js

GET
H2 200 7048931.js Show response
js.hs-banner.com/ 69 KB
17 KB 189ms
144ms Script
text/javascript 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/7048931.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bf307c40d76db4cff5f6008731a1fb623afca4e2c14ae403d619f9db5d0b46d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
x-amz-version-id: utwgEkOTCRJ1Dh94mJaDB5lf9eed3c9Q
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: QTJNHJR0F3W7A91M
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 52
x-amz-id-2: 4MrGwB6p6UZXxCh5yTSK8uQqZPsN0vAKjYkVvw0BfTgSMnOCpV3wq/TYGwh9aahyZmkgyfJmL8w=
x-evy-trace-listener: listener_https
x-request-id: c0d82552-ccf2-45b2-90bf-e8a163f80367
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 20 Apr 2023 09:47:04 GMT
server: cloudflare
etag: W/"1f539f76bcaa539cf039ff330147b3b0"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-v96hm
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7bfc08288b054bd0-YUL
expires: Sun, 30 Apr 2023 01:37:36 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 545 KB
87 KB 180ms
136ms Script
application/javascript 2606:4700::6811:7f6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7f6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7239304bfda1edbdc25f38e13e0c6ed0c40c2aa7bf88e95b9fc8f17ba36a8253

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
x-amz-version-id: RmhmaytfCYjkF4kIWncNidw0.aX_4QVo
via: 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
cf-cache-status: MISS
content-encoding: br
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1180/bundle/main/lead-flows-release.js&cfRay=7bfc082898687150-IAD
x-cache: RefreshHit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 43
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fbc0a38b-5a0a-4c1e-9dec-916ca769a37a
last-modified: Mon, 03 Apr 2023 03:50:40 UTC
server: cloudflare
etag: W/"0bee9cd87f137fe7aec90112cb8b0376"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-httbh
cf-ray: 7bfc082898687150-YUL
x-amz-cf-id: 7vRLqOc5nTY13JvOqq5NGNEro3Ptc5Pk81MDg_VCWYiH4Dh7dO6ziQ==
x-hs-target-asset: lead-flows-js/static-1.1180/bundle/main/lead-flows-release.js

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
995 B 135ms
91ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=7048931&callback=jsonpHandler

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5d01df81-92f5-4eb2-87b8-9faeda7753c5
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7bfc08288f087136&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 9e6a99c9-7efa-4795-a5e5-2ff2fa2ab4b2
server: cloudflare
x-trace: 2B1608B01F81D77025DAC55256433D6E31BB9FA7C2000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-9sjmd
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7bfc08288f087136-YUL

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/2042428/domain/picussecurity.com/ 36 B
370 B 193ms
93ms XHR
application/json 2600:9000:2211:5a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2042428/domain/picussecurity.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2211:5a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: gzip
via: 1.1 3727f98cd6ebfb95bec91eabb16480a0.cloudfront.net (CloudFront)
x-amz-cf-pop: ORD51-C4
vary: accept-encoding
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=8845
x-amz-cf-id: S4vpNxksW_PUCF4Ds6TUZCWnFqflJD6Fwe4-cmj0NRwuUiEA5DIlBQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2042428%26time%3D1682818356520%26url%3Dhttps%253A%252F%252Fwww.picussecurity.com%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true&liSync=...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true&liSync...

0
489 B

101ms
68ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true&liSync=true&e_ipv6=AQICuuV0_mhPQgAAAYfPylfhlY8DzPgTlmBaIb7WD5xA4iKJSLc-HFsTD8Fg0ywdg9Iv23fb
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 139497D68ABA4A73AEF58C41041AD5E2 Ref B: YMQ01EDGE0510 Ref C: 2023-04-30T01:32:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6g65o3ZpYx39SMrrjUg==

Redirect headers

date: Sun, 30 Apr 2023 01:32:36 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: AAC35D2985E447509E9302FD3DB2C50A Ref B: YMQ01EDGE0414 Ref C: 2023-04-30T01:32:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1682818356520&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cookiesTest=true&liSync=true&e_ipv6=AQICuuV0_mhPQgAAAYfPylfhlY8DzPgTlmBaIb7WD5xA4iKJSLc-HFsTD8Fg0ywdg9Iv23fb
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6g65nIQaqQsimWjzLuQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
87 KB 51ms
50ms Script
application/javascript 2607:f8b0:4006:80d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DB6MKXQ2E6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

de08f8a20a74f26f4d2e404db139836f037dfc98c6ae9b2c7e5b09d90e4a97c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88632
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 30 Apr 2023 01:32:36 GMT

POST
H2 200 open
t.visitorqueue.com/p/ 2 B
316 B 51ms
47ms Ping
text/plain 2600:9000:2512:6a00:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.visitorqueue.com/p/open
Requested by: Host: t.visitorqueue.com
URL: https://t.visitorqueue.com/p/tracking.min.js?id=67ab0ee7-fcba-400b-8cb3-db7bb1cc0033
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2512:6a00:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
access-control-request-method: *
via: 1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
x-cache: Miss from cloudfront
content-type: text/plain
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 2
x-amz-cf-id: -o-_ujxonTXtdbp14YwZFB5t9KMOGn-G586Y7-a5UdxV8Pba9RucuA==
alt-svc: h3=":443"; ma=86400

GET
H2 200 open
t.visitorqueue.com/p/ 35 B
370 B 52ms
48ms Image
image/gif 2600:9000:2512:6a00:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.visitorqueue.com/p/open?l=9&q=cGFnZVZpZXdJZD03MWRiZWIwYi1hNmUzLTRmYmMtYTg1YS0yNDJiYmJhY2E2MzUmcGF0aE5hbWU9L3Jlc291cmNlL2Jsb2cvdHRwcy11c2VkLWluLXRoZS1zb2xhcndpbmRzLWJyZWFjaCZ2aXNpdG9ySWQ9ZDNlMTllZmMtY2M1Ny00OTUyLTk0ZDAtZDk5MGVmM2VmN2I2JnZpc2l0SWQ9OWI4NmZiODYtN2JiYS00NzFiLTg5ZGUtOTczYzI2ZDJjOGVmJmFjY2Vzc2VkQXQ9MTY4MjgxODM1NyZ2cVRyYWNraW5nSWQ9NjdhYjBlZTctZmNiYS00MDBiLThjYjMtZGI3YmIxY2MwMDMzJm9yaWdpbj13d3cucGljdXNzZWN1cml0eS5jb20mc2NyaXB0VmVyc2lvbj0yLjAuMA==
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2512:6a00:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
access-control-request-method: *
via: 1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-origin: *
cache-control: No-Store
access-control-allow-headers: *
content-length: 35
x-amz-cf-id: avDt0QhJENAUBZpfOBL2TQMrjdK36T6GUdiTlakxxTzRzLqomWQ2pQ==
alt-svc: h3=":443"; ma=86400

POST
H2 204 collect
analytics.google.com/g/ 0
258 B 330ms
33ms Ping
text/plain 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-DB6MKXQ2E6&gtm=45je34q0&_p=534264815&_gaz=1&cid=739989578.1682818357&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=FA&_s=1&dl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&sid=1682818356&sct=1&seg=0&dt=Tactics%2C%20Techniques%2C%20and%20Procedures%20(TTPs)%20Used%20in%20the%20SolarWinds%20Breach&en=page_view&_fv=1&_ss=1&ep.page_location_clean=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DB6MKXQ2E6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80d::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 30 Apr 2023 01:32:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.picussecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
258 B 89ms
31ms Ping
text/plain 2607:f8b0:4004:c17::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-DB6MKXQ2E6&cid=739989578.1682818357&gtm=45je34q0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DB6MKXQ2E6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 30 Apr 2023 01:32:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.picussecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
408 B 336ms
41ms Image
image/gif 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DB6MKXQ2E6&cid=739989578.1682818357&gtm=45je34q0&aip=1&z=474489183

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 30 Apr 2023 01:32:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame C680 320 KB
104 KB 19ms
17ms Document
text/html 2606:2800:220:131d:1d30:1f1d:238b:1e56
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.picussecurity.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 100818
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Sun, 30 Apr 2023 01:32:36 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 308 KB
86 KB 88ms
41ms Script
application/x-javascript 2a03:2880:f011:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=123107927c17ea193f90a00c3f4d9c6b

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ce6304e9ca59a9958810013b465dd4e8d13acbb6af0b2d330bc482c6a18a3f42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Origin: https://www.picussecurity.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 30 Apr 2023 01:32:36 GMT
content-md5: YuhSvMkxStD9Fm0rKyP+tw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88507
x-fb-rlafr: 0
x-fb-debug: FxKl48bVNq26ixeO1xyFDfGtKXB2FAMI5lyeiBosYXyCg+79f9weC11qoBn+qDAZ/T6RyFekIwhWvuTv5/w17w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: f7e9d6cf97ce136b5e4d2844f4d15ec6
cross-origin-opener-policy: same-origin-allow-popups
etag: "5268921c7b1571f14eafd8f8294ac222"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Mon, 29 Apr 2024 00:32:53 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
454 B 111ms
99ms XHR
application/json 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=7048931&utk=
Requested by: Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99055dba9f2387917c3e9808aacc7c2e23a12705985bb8c4a6fcef05a2a0c682

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: d1db345f-34c6-4a24-b2ef-d5f10421e268
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: df86c009-7101-42a3-8456-6fff01e87ea8
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-sbk7p
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7bfc082a5f364bb8-YUL

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1007 B 82ms
51ms Image
image/gif 2606:4700::6811:d5f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 01:32:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 7b3baffa-ccf8-44d0-9be4-d50ceb260320
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ede7b748-e603-4446-bbcc-9aaa1ec6d469
Server: cloudflare
X-Trace: 2B95022E2109AB2CC54009983AC87C98D99A9C3C8F000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-sdwfp
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7bfc082b0aaf7156-YUL

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1008 B 145ms
104ms Image
image/gif 2606:4700::6811:d6f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 01:32:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 22d67ad7-5311-45f6-9c48-5988cef1aebd
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 10
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3c9a1b1e-4ebf-481f-be71-7d93a81f21db
Server: cloudflare
X-Trace: 2B70654A37ECDCB60BA27F420A067C2BEF60C23D13000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-qq552
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7bfc082b6b9233fb-YUL

GET
H2 200 settings Show response
syndication.twitter.com/ Frame C680 800 B
642 B 140ms
48ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=252d5d84c45d7d5be08e6dbd951dcc86e1ef2392

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.picussecurity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

5b152c384ea8c3be37e1991fb98124e98e741249d1ae916fee12c197a7ded34b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-response-time: 7
date: Sun, 30 Apr 2023 01:32:36 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sun, 30 Apr 2023 01:32:37 GMT
server: tsa_b
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 8545af962f8e80d5
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 8757df60c20a58d6a5432ed74798a7cfe413b84c7db11c969f8bcc38c0b755e8
content-length: 322

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
643 B 89ms
61ms Image
image/gif 2606:4700::6811:d5f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d5f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 9c258469-731f-44bd-a717-75210a4044bf
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4dede61f-d0bd-43fb-bccf-a3d89c596c91
server: cloudflare
x-trace: 2B9230F7DB0F767C6DC03C086203253828B0170D1D000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-n9nn6
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7bfc082c8ce44bcb-YUL

GET
H2 200 cf-location Show response
js.hs-banner.com/cookie-banner-public/v1/ 2 B
154 B 65ms
29ms XHR
text/plain 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b650e5c4785025dee7bd65e3c5c527356717d7a1c0bfef5b4ada8ca1e9cbe17

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin: https://www.picussecurity.com
date: Sun, 30 Apr 2023 01:32:37 GMT
server: cloudflare
cf-ray: 7bfc082c992cecf6-YUL
content-length: 2
vary: Origin, Accept-Encoding
content-type: text/plain;charset=UTF-8

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 94ms
94ms Preflight
application/octet-stream 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.picussecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.picussecurity.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7bfc082cd968ecf6-YUL
content-length: 0
content-type: application/octet-stream
date: Sun, 30 Apr 2023 01:32:37 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-v96hm
x-evy-trace-virtual-host: all
x-request-id: 5558e277-1dc3-4e74-b05f-06cae14157dd

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
167 B 68ms
67ms XHR
text/plain 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: b726cebf-a2fe-4f98-93b5-e11cc0433b13
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 18
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2b55d015-cd0a-4bbe-9f3b-6393548c018f
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-c2gr8
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7bfc082d6a11ecf6-YUL

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
434 B 77ms
65ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=7048931&pi=38790370719&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cpi=38790370719&cgi=35190412163&lpi=38790370719&lvi=38790370719&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&t=Tactics%2C+Techniques%2C+and+Procedures+(TTPs)+Used+in+the+SolarWinds+Breach&cts=1682818357368&vi=164013cefe3beccf6c98cf4299f7860b&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 54a37554-024f-4749-a6bf-a8d696e08071
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fea71f64-2440-473a-b268-65bf8fb2405a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OdirtGKKeggWUJgNigv6vLrlCOp5tvCV6qYHtwj2LCXRWOAa8fL1A5Yyv%2Bm59VzCJel06n3SyFVNeu9IA%2Fpwk1tnufNUuNJ3k1jG9vA4ifd2e46d8ie5PS4UqCDWUqjLR19aBafVbC9yRQbLLiaR"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-7gblk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfc082db8487136-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
441 B 74ms
72ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=83314d8e-22a6-4b60-a54c-02e311f8ff5a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=7048931&pi=38790370719&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cpi=38790370719&cgi=35190412163&lpi=38790370719&lvi=38790370719&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&t=Tactics%2C+Techniques%2C+and+Procedures+(TTPs)+Used+in+the+SolarWinds+Breach&cts=1682818357370&vi=164013cefe3beccf6c98cf4299f7860b&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f380ab25-b7a6-46b2-bcac-e8ca2a4fcaf0
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 48474ec5-e55b-47ac-8087-747c880a68c7
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pip9qqsWXwER2aMppVIElttHT1Yy9%2FR4%2FEB9UYs7dO43Qdkwl2tFetQoVkiAF4JXi%2FKC2Yj2GO2YMKRWcfA59n7YbrI7lhnve%2FLO%2BN%2FShBYNN5a8u%2BFMmC1qiJEGcFyYjDwgUzpvGFuJiRXnhaMk"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-r7kqt
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfc082db8467136-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
596 B 62ms
60ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=83314d8e-22a6-4b60-a54c-02e311f8ff5a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=7048931&pi=38790370719&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cpi=38790370719&cgi=35190412163&lpi=38790370719&lvi=38790370719&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&t=Tactics%2C+Techniques%2C+and+Procedures+(TTPs)+Used+in+the+SolarWinds+Breach&cts=1682818357371&vi=164013cefe3beccf6c98cf4299f7860b&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 079deba5-2209-4480-a046-bcec27dc13c1
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cd4da43a-7394-4156-ad7a-cdaf52a6fa8b
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0ndO1tCUcVI3Jq6sYhcOOD1SiDJUWD8mOMi%2FLp2z9JEF1aJANRtUx8Ir2ppzqN0xNNi4MkoM3JznOx1XIfA1saoMwr8bZNLj7oRNHlw28NLJK3oGjlSqOwPVqrkJ0qNCCneKsVS7Y1O1gF3Pexa"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-fwlfz
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfc082db8497136-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
503 B 73ms
73ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=d489b291-aef3-4f86-8505-6951a7148b4b&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=7048931&pi=38790370719&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cpi=38790370719&cgi=35190412163&lpi=38790370719&lvi=38790370719&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&t=Tactics%2C+Techniques%2C+and+Procedures+(TTPs)+Used+in+the+SolarWinds+Breach&cts=1682818357375&vi=164013cefe3beccf6c98cf4299f7860b&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 157647c5-508e-4a66-87ff-a60987ac041c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8651b55b-7378-4c27-b6ae-c857562a863b
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PZNHbOpPnsnPn31B8v9gjDsQQ79Qz8NH4ZpTuOc%2F9cBwVd26SQljuhi4lT0ewiv9qqFmaB4SdzJkyuJ3ZSqWubece9xOPCU7%2FFuuAaikqLJn9u0LMehS9R0KqSaWLhmzdkZ0zu4Sfgt50zMmyaMl"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-mw7ks
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfc082dc8577136-YUL
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
564 B 79ms
79ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=d489b291-aef3-4f86-8505-6951a7148b4b&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2397838929&v=1.1&a=7048931&pi=38790370719&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&cpi=38790370719&cgi=35190412163&lpi=38790370719&lvi=38790370719&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&t=Tactics%2C+Techniques%2C+and+Procedures+(TTPs)+Used+in+the+SolarWinds+Breach&cts=1682818357376&vi=164013cefe3beccf6c98cf4299f7860b&nc=true&ce=false&pt=3&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8464a550-302e-4a05-8f08-420524a082f1
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2eed8c86-83a1-4b66-98fd-6b24ea070e70
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFxjDh339vOJQc2fzwygLTGAVSZ8ccY96tKXcCtSKh34LisgS%2BSMUEB3ZkKrj0CTanmWoTuMua8pHUTFlvZ5sZkV%2FWxD2OOfE2NmYCKmxzql3tftYMBvlfeDOpRFnlyp7IvqsAqlAgrcaZc3ElKA"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-r7kqt
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7bfc082dc85f7136-YUL
x-robots-tag: none

GET
H2 200 64d678615e3d0 Show response
display.popt.in/APIRequest/ 8 KB
4 KB 809ms
757ms XHR
application/json 2606:4700:3033::6815:4128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://display.popt.in/APIRequest/64d678615e3d0?domain=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&referrer=&previous_url=&cookies=%20poptin_old_user%3Dtrue%20poptin_user_id%3D0.szxr7fq2w4%20poptin_new_user%3Dtrue%20poptin_viewed_session%3Dfalse%20&triggers=&cc=false&if_mobile=false&page_title=Tactics%2C%20Techniques%2C%20and%20Procedures%20(TTPs)%20Used%20in%20the%20SolarWinds%20Breach&origin_landing_page=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&if_page_refreshed=false&poptin_viewed_url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fttps-used-in-the-solarwinds-breach&previous_visited_pages=&shopify_customer_id=0&cart_total_items=0&cart_total_price=0&cart_products_ids_list=

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:4128 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4259016e3aece696ce32c5fe10fda871dcacb7ee061e9f3136cafba7d85761f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://bc.popt.in https://.mybigcommerce.com https://.jumpseller.com https://.myshopline.com https://.myshopify.com https://*.grisynava.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:38 GMT
content-security-policy: frame-ancestors https://bc.popt.in https://*.mybigcommerce.com https://*.jumpseller.com https://*.myshopline.com https://*.myshopify.com https://*.grisynava.com
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BlM7lukeA3Ln%2Boy%2F81blxr16bhFLYMsNk9eCy8OxZLwXpH7OOCd%2FQLvcrs5D9h4I0QZX3Ogni3nm9eos4jv2Y%2BQxODMrHsiQGgpc5wVa0gKf0bp0aBgng5XGm4AEdpRfsU%2F4bUYqyY1glcC7%2B7M%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, must-revalidate, no-store, nocache, private
access-control-allow-credentials: true
cf-ray: 7bfc082e2ffea23b-YYZ
access-control-allow-headers: Origin, Content-Type
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

/
tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/
Redirect Chain

https://fonts.popt.in/?family=Poppins&display=swap
https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap

1015 B
1 KB

382ms
95ms

Stylesheet
text/css

2600:1f14:50b:9a02:819f:ed7c:3c76:3d0d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws/?family=Poppins&display=swap
Protocol: HTTP/1.1
Server: 2600:1f14:50b:9a02:819f:ed7c:3c76:3d0d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8503bb1f3969798a88dce37ee7f38979711dfd7495f5b8dafd66a19ff24e2d15

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Sun, 30 Apr 2023 01:32:38 GMT
x-amzn-Remapped-host: fonts.popt.in
Connection: keep-alive
x-amzn-RequestId: 958fd2e5-ac7f-4a54-b12d-9462fe78716d
Content-Length: 1015
X-Amzn-Trace-Id: root=1-644dc536-6df0fe0c4799f37d6981697d;sampled=0;lineage=013914a9:0
Content-Type: text/css; charset=utf-8

Redirect headers

date: Sun, 30 Apr 2023 01:32:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAbHbcIhAWJahC4sNu9lM85brZAT1lWdj7InHqJg4IAkCfaPFlYUgda0AwODLm7LFekclYe%2FfzejlQnfsVqO6%2FuFpJo4hPHznbBvIeaQQY0Ah%2BB21jmVsEIqRy7CmDO6c8cStu7M%2FkwEHJqY"}],"group":"cf-nel","max_age":604800}
location: https://tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws?family=Poppins&display=swap
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7bfc08331c251899-EWR
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 heb-fonts.min.css
cdn.popt.in/css/ 22 KB
3 KB 35ms
34ms Stylesheet
text/css 2606:4700:3035::ac43:9e06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/heb-fonts.min.css
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9e06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7459dd5ce48ddd21da15f490514af4be07ff85f0b0b6b9e118542d68ff5ec91

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:38 GMT
x-amz-version-id: qXd_m_chdhWvR5DNrvI834tklGtnWkb9
via: 1.1 812385435e4a24499dabb443924e6b50.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK50-P7
age: 227013
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 12 Sep 2018 18:05:20 GMT
server: cloudflare
etag: W/"fb58ef8ec15444a0d0cf977973d4f824"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yCn14mv7B83VEGe5tpqQOm4TCFOc3hlmLA%2Bec2DMNeXTRgHEtU%2F4TlvG0XabYJkOjGpGEAyHpEFV5UhtRYGS2Fu7Hcmw9RobFtM%2FVIwn3EGUHASNsaMN6JfoHNfhK9EGI6RcOe4Wvzqkug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=30672000
cf-ray: 7bfc0832fc0a1899-EWR
x-amz-cf-id: NhRndo9l9xwmsRYFzcML3qQPTkBe_eP989W2S7JHXkNbjd2_beMSSA==

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 20ms
19ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 809791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGfVHbM1XdKq10bzoooIJcRPgdLuXYVoQTGweijjrWW2hbrDBCgbAG%2F5XGnKtZ6DLq%2B82BsIPQbUWhDgduiWLMRohMDTt27nKQd0Ez4ib4QoYQmrd1y3VHi%2FryIzPIX9X1TTM0NZvIvliHaCCgQD163I"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7bfc0832faaa7154-YUL
expires: Fri, 19 Apr 2024 01:32:38 GMT

GET
H2 200 poptin-style-en.css
cdn.popt.in/css/ 32 KB
6 KB 32ms
32ms Stylesheet
text/css 2606:4700:3035::ac43:9e06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/poptin-style-en.css?ver=10
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9e06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 380833de27ae130eb2f99b6cf44c809acb17014a836387fc3e842f91376c370e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:38 GMT
x-amz-version-id: CT1tBfV2mc7Sw99dShslcN1nijnVmSkP
via: 1.1 100ce1d37f67e6c59753cd4c9c473afc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK50-P7
age: 3614
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 27 Apr 2023 10:29:00 GMT
server: cloudflare
etag: W/"bb382500b6f5a63e19ea2efc3dcde325"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NDts5AIeo7sKweOtYK%2BE1itdhpFmKyVb7xLeZazZzFByblthz0hYhy97XJyc%2FO64HIca177a8vIJKfl0BdqQhBM0nWN9Pxm8jSbG2UZrpEsJk1fyeNUn11xxJKZ6JaAke6Ln0IxoyC%2BEAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 7bfc08330c0c1899-EWR
x-amz-cf-id: ELQFKCJjc7ubfMetGxmjnfa_k3t25GWPIpuyA0RIerH-EFMWNLIvjw==

GET
H2 200 poptin-animations.css
cdn.popt.in/css/ 6 KB
2 KB 30ms
29ms Stylesheet
text/css 2606:4700:3035::ac43:9e06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/css/poptin-animations.css?ver=10
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9e06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 310f7d360d659a851c73aa97dcb6031bf45c659cc822b13e947683c5689619f2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:38 GMT
x-amz-version-id: W3zhKn.7IsPdKikz5xWZep1Ly03QjvH5
via: 1.1 edb4467fad6c19f876564012471f929a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK50-P7
age: 3614
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 27 Apr 2023 10:29:00 GMT
server: cloudflare
etag: W/"407750e10b819ae6ef75e726fcd79341"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lKKGp9%2F9XB44glwijLj2K6Ik4goiOH83YXPUG2r86jv81M%2BQqvtV86o40c7QmwufwqEt1c4OVZWTgEE32DUqw8JBwH4P%2BRsXIB7I0i47vqHhwOjyxENLoJk81n8cjEJyrH0G0CvfUY4vsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 7bfc08330c0f1899-EWR
x-amz-cf-id: IqvDGpUdq4lCoF7LLcZ_1d7E49b9qXEyQV0x2Z7_8grWs04x2xXbzQ==

GET
H2 200 account_613f053dd8506_poptin_493f4af36702c_2023-04-19_14-03-44_version_9.html Show response
d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/ 61 KB
27 KB 141ms
66ms XHR
text/html 2600:9000:21d5:da00:b:8c20:bf40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/account_613f053dd8506_poptin_493f4af36702c_2023-04-19_14-03-44_version_9.html
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21d5:da00:b:8c20:bf40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 122cc2fc6e44056d585c594c59dd33f51fd5271e0b5945c596aaa10205a89704

Request headers

Accept: */*
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: YtMmBWz44LLsvUXwDHw0y37jH4OdKC43
content-encoding: gzip
via: 1.1 2b26355dcf9bbc955d60730f6007457c.cloudfront.net (CloudFront)
date: Sun, 30 Apr 2023 01:32:38 GMT
x-amz-cf-pop: ORD51-C2
age: 31218
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 20 Apr 2023 07:08:29 GMT
server: AmazonS3
etag: W/"111564099706c6e7f2d92a045e434f45"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: siGo3l2IAtAOYZByn-Dyx-lOR9-knXKVBbHu918pllgi0abc-HzaWw==

GET
H2 200 account_613f053dd8506_poptin_c2f4d16026667_2023-03-31_15-09-04_version_5.html Show response
d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/ 60 KB
18 KB 116ms
43ms XHR
text/html 2600:9000:21d5:da00:b:8c20:bf40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/account_613f053dd8506_poptin_c2f4d16026667_2023-03-31_15-09-04_version_5.html
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21d5:da00:b:8c20:bf40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 80a77960c7cd919eb2e44deeb2dfec5e1a3214b77755c2e4ca7a230bf3dc0084

Request headers

Accept: */*
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: Gl9Ki4IynslcxghfzruF8CYks9x7o1iP
content-encoding: gzip
via: 1.1 2b26355dcf9bbc955d60730f6007457c.cloudfront.net (CloudFront)
date: Sat, 29 Apr 2023 14:36:52 GMT
x-amz-cf-pop: ORD51-C2
age: 39347
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 31 Mar 2023 12:46:29 GMT
server: AmazonS3
etag: W/"dca4c6369caadb32d275ae7d5b152da6"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: QSVLu_RtHTtXR5Pqw5wrW-_4i2fQy2aaPWNLuCDud2ZLoyvHkwmTPQ==

GET
H2 200 account_613f053dd8506_poptin_de66aefb30463_2023-02-21_08-24-48_version_9.html Show response
d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/ 25 KB
5 KB 116ms
45ms XHR
text/html 2600:9000:21d5:da00:b:8c20:bf40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lopmpcew67el.cloudfront.net/client_64d678615e3d0/account_613f053dd8506_poptin_de66aefb30463_2023-02-21_08-24-48_version_9.html
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21d5:da00:b:8c20:bf40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b3085529c69e7d5372a400a2551be69c85c45dbc91deba9ab47a32100cdf99b

Request headers

Accept: */*
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: AlfhrRkgVYLsKpKbQW3RDXgEdxfnClQf
content-encoding: gzip
via: 1.1 2b26355dcf9bbc955d60730f6007457c.cloudfront.net (CloudFront)
date: Sun, 30 Apr 2023 01:32:38 GMT
x-amz-cf-pop: ORD51-C2
age: 31218
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 22 Feb 2023 11:40:09 GMT
server: AmazonS3
etag: W/"500fbb071f0033020e74837444a82bcc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: uBW3PYz8qqNtXEJH9wRPH8gVaL3BF2KQEXSswl7kJuWbP8vNpx962A==

GET
H3 404 play_icon.png
www.picussecurity.com/assest/ 8 KB
8 KB 423ms
422ms Image
text/html 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/assest/play_icon.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de34e2d6336f1d2a3d7c3982cbaae6ae6a5f7212c0ac8d7750a94e87bb91d5bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 01:32:38 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2df572b3-4628-4243-b420-eedf996a3127
x-envoy-upstream-service-time: 227
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 79c46c67-4e7c-4c64-a00a-e11bf2e7d43f
x-hs-reason: No view mapper found to handle request
server: cloudflare
x-trace: 2B2A9F010FD33E7C0FCCE92333DF318C40456600FC000000000000000000
vary: origin, Accept-Encoding
x-hubspot-notfound: true
content-type: text/html;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-788bbf7c8-hjxg6
x-evy-trace-virtual-host: all
cache-control: s-maxage=5,max-age=5
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tqOOE0rWRuM1QPLQin5VrCQzbKKBw5tRw78lpYl4rB60dAA35bzn0BB40j94Xw0CcOaFYeAzFCFTEGp3qBMJZ%2BayBbL9xXmVqtq3tNq7oviWdFZj0qbKgQyCa7x3Wj16CWXyVyFrMVztHhtusfhm63zPWw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bfc0833fdd84bca-YUL

GET
DATA 200
OK truncated
/ 20 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c10335e4b90022b9ec2194aa693f05f029bd864dd0de5c0b3080a6195a6f2808

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 perf Show response
www.picussecurity.com/_hcms/ 2 B
831 B 152ms
151ms XHR
text/plain 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.picussecurity.com/_hcms/perf
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type: application/json

Response headers

date: Sun, 30 Apr 2023 01:32:40 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f6361034-27c8-4b92-9396-330015cb4c45
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3e7f8b97-a22b-405f-a62c-701aacc680ea
server: cloudflare
x-trace: 2B58F89AAC10B17EBE2493CB40C3B60C126BABF0F0000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05aG9f%2FEqG6PJ1y6Ji54Qw7vh7Zf0W93OQaz0itxZqBAYheXYahRqTlRWae%2BgperQexcE4gp%2B%2By9gB%2B0618u96KcKWWCrTil7WWxl0wMuhdvmHDrgKxnEScOAkimkV3Fgc0UNZ6OSX30iZ85HF2FMr17qw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-788bbf7c8-fscvp
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 7bfc08404bde4bca-YUL
x-robots-tag: none

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pageimprove.io
URL: https://pageimprove.io/s/87e36deb-3baa-4073-8132-78c55a109492/www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach/0.json?version=1.0.0

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.picussecurity.com/	1970-01-20 11:27:00	Name: __cf_bm Value: f83pkOzhxkMKfzSz6_RI0wQJZ.UJOh2PtZRNpTKRjhc-1682818355-0-AQprW4r5KBf2tIFWPjW4k8RsOQXqMr+UTV9netvxlKA+xYUg8p5MqHBpq7eh2aYNsArtL975e3MruNqqKhyxdMk=
.www.picussecurity.com/	1969-12-31 23:59:59	Name: __cfruid Value: 45bfb67ab866e4bbdfe3287226dc2141466e6be3-1682818355
.picussecurity.com/	1970-01-20 13:36:34	Name: _gcl_au Value: 1.1.272820528.1682818356
www.picussecurity.com/	1970-01-20 11:27:01	Name: MF69CXJ-OZ2jFJm35 Value:
www.picussecurity.com/	1970-01-20 11:27:01	Name: MF6JIbbIciiT7 Value:
www.picussecurity.com/	1970-01-20 11:27:01	Name: MF6JIbbJSfd Value:
www.picussecurity.com/	1970-01-20 11:27:01	Name: MF6JIbbCSRZlD Value:
www.picussecurity.com/	1970-01-20 21:02:58	Name: MFVaKX5 Value: d3e19efc-cc57-4952-94d0-d990ef3ef7b6
www.picussecurity.com/	1970-01-20 11:27:01	Name: MFVaKk-5 Value: 9b86fb86-7bba-471b-89de-973c26d2c8ef
.linkedin.com/	1970-01-20 13:36:34	Name: li_sugr Value: 857430a8-3135-4bb1-be41-951b21ef96bd
.linkedin.com/	1970-01-20 20:12:34	Name: bcookie Value: "v=2&e53d24a7-bfa4-4dd8-8e06-56e6995e3103"
.linkedin.com/	1970-01-20 11:28:24	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2520:u=1:x=1:i=1682818356:t=1682904756:v=2:sig=AQHQ7hmDf2pmgnyoJOxa4hAVPWY3Dzse"
.hubspot.com/	1970-01-20 11:27:00	Name: __cf_bm Value: Hpjd0lv9YHC.zu.2Efy8wReL4.dpeiSnxBH7nGis2Uk-1682818356-0-AfmkHCjs5FNusGLjVoTEDjqFm3hRJO3cPf5ML7+FyWni31DlG0bdHxum4IW4ajFgC45XZ3rx5eiuvRDpEVg9q3Q=
.picussecurity.com/	1970-01-20 21:02:58	Name: _ga_DB6MKXQ2E6 Value: GS1.1.1682818356.1.0.1682818356.60.0.0
.picussecurity.com/	1970-01-20 21:02:58	Name: _ga Value: GA1.1.739989578.1682818357
.linkedin.com/	1970-01-20 12:10:10	Name: UserMatchHistory Value: AQKyHBSVy9VQIAAAAYfPylXz248YYwSwWsqd11OMUrgvbrGQB8GvBw7tRKk8pnjy5_iIwysnN2tWlg
.linkedin.com/	1970-01-20 12:10:10	Name: AnalyticsSyncHistory Value: AQLMlRthN5qPVAAAAYfPylX0_b1SJz9dbf5YMNOIMIDCqq_e-U_wT6l_op4uClCl-WyyPY_svsM-CRxTFdRM4A
www.picussecurity.com/	1970-01-20 11:28:24	Name: ln_or Value: eyIyMDQyNDI4IjoiZCJ9
.www.linkedin.com/	1970-01-20 20:12:34	Name: bscookie Value: "v=1&20230430013236e9bfe9ad-18db-4e55-8e8b-6d35682eb845AQF1gKFE_0NHx21oeblYgtgLUEcrKxvW"
www.picussecurity.com/	1970-01-20 11:29:51	Name: poptin_old_user Value: true
www.picussecurity.com/	1970-01-20 20:12:34	Name: poptin_user_id Value: 0.szxr7fq2w4
www.picussecurity.com/	1970-01-20 20:12:34	Name: poptin_user_ip Value: 2607:5300:60:7867::5
www.picussecurity.com/	1970-01-20 20:12:34	Name: poptin_user_country_code Value: false
www.picussecurity.com/	1970-01-20 12:10:10	Name: poptin_session_account_613f053dd8506 Value: true
www.picussecurity.com/	1970-01-20 11:27:00	Name: poptin_o_v_c2f4d16026667 Value: 6c49db3517c45
www.picussecurity.com/	1970-01-20 11:27:00	Name: poptin_o_v_de66aefb30463 Value: a7246f354ccd5
www.picussecurity.com/	1970-01-20 11:27:00	Name: poptin_session Value: true
www.picussecurity.com/	1970-01-20 12:10:10	Name: poptin_c_visitor Value: true

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js(Line 1) Message: <link rel=preload> must have a valid `as` value
other	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js(Line 1) Message: <link rel=preload> must have a valid `as` value
other	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js(Line 1) Message: <link rel=preload> must have a valid `as` value
other	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js(Line 1) Message: <link rel=preload> must have a valid `as` value
network	error	URL: https://www.picussecurity.com/assest/play_icon.png Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach Message: Access to XMLHttpRequest at 'https://pageimprove.io/s/87e36deb-3baa-4073-8132-78c55a109492/www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach/0.json?version=1.0.0' from origin 'https://www.picussecurity.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://pageimprove.io/s/87e36deb-3baa-4073-8132-78c55a109492/www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach/0.json?version=1.0.0 Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7048931.fs1.hubspotusercontent-na1.net
analytics.google.com
app.hubspot.com
cdn.linkedin.oribi.io
cdn.mouseflow.com
cdn.popt.in
cdnjs.cloudflare.com
connect.facebook.net
d10lpsik1i8c69.cloudfront.net
d3lopmpcew67el.cloudfront.net
display.popt.in
fonts.googleapis.com
fonts.gstatic.com
fonts.popt.in
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
js.hs-analytics.net
js.hs-banner.com
js.hscollectedforms.net
js.hsleadflows.net
p.visitorqueue.com
pageimprove.io
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
settings.luckyorange.net
snap.licdn.com
stats.g.doubleclick.net
syndication.twitter.com
t.visitorqueue.com
tctguyhimcwcyexxgullu3seem0fkhrh.lambda-url.us-west-2.on.aws
track.hubspot.com
www.google.ca
www.googletagmanager.com
www.linkedin.com
www.picussecurity.com
pageimprove.io
104.244.42.8
13.107.42.14
151.139.128.10
172.67.75.100
2600:141b:9000::b857:ad5b
2600:1f14:50b:9a02:819f:ed7c:3c76:3d0d
2600:9000:21d5:da00:b:8c20:bf40:21
2600:9000:2211:5a00:2:53b2:240:93a1
2600:9000:2512:6a00:c:77c4:d500:93a1
2606:2800:220:131d:1d30:1f1d:238b:1e56
2606:2c40::c73c:67e3
2606:4700:3033::6815:4128
2606:4700:3035::ac43:9e06
2606:4700::6810:8ace
2606:4700::6811:190e
2606:4700::6811:6cc7
2606:4700::6811:7f6e
2606:4700::6811:d5f3
2606:4700::6811:d6f3
2606:4700::6812:18c4
2606:4700::6812:f0f
2606:4700::6813:9b53
2607:f8b0:4004:c17::9d
2607:f8b0:4006:80d::2003
2607:f8b0:4006:80d::2008
2607:f8b0:4006:80d::200e
2607:f8b0:4006:817::200a
2607:f8b0:4006:824::2003
2620:1ec:21::14
2620:1ec:4e:1::40
2a03:2880:f011:8:face:b00c:0:1
3.97.253.3
34.117.30.33
54.192.121.18
038dbf0a8e67140f0795914f07367044b1cc5cc79de0bdc98e9ba71f62314a33
050e70c29b7d7e484f6df0351fb6f40e701630ff0ededb8e0c9bf8c567d16c2c
0546b1884b747fa252654e17648d04c5648eee2379daa3422943d50c02a59d4b
0fc71dcb60a67ba1393e8cc2f25b2327aa6fe0ae502aa99b84f3df2ddcab5577
1018aad3ed798d98490fb01484d0aaf7ba3528f74288091644ae53523c3aa82f
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
1211b9bf5f5278b9d2b064e35be18c27e3274df41a3e348118b713c7a696fae0
122cc2fc6e44056d585c594c59dd33f51fd5271e0b5945c596aaa10205a89704
1402775094c080fbac255124fae43c0f2f2f103b6857a0b106c8e36daa79ea3a
157f1152a47eabe7043bc89407000ea8c002e5012170a0ffb8c04e8711178a35
16b84aa6e5c0082d1394fe06c80ca2267d7cee80fdea7916193a87e6305d4f38
182c0c4a049b82ebaa738d7c22e68bceb8aad2f6d78b94c300b80613c92bff0a
1d214792b986a7986cf226ad5f346fa58b7857bcfee980f8c3bc897cf17df564
223af9efcf2ebb78d010ac1d3a3b104fadd39c7e4ac1006a870188c83e669dbb
2bf307c40d76db4cff5f6008731a1fb623afca4e2c14ae403d619f9db5d0b46d
2cbba247ca6de6962085423c671b17bd76d58692e32e8e40ad808a12e27bbeab
30c582f4480ac01ccc5d0040483b6cfbdef887951b12871cbd62b6ab7e6d0b43
310f7d360d659a851c73aa97dcb6031bf45c659cc822b13e947683c5689619f2
34350dee947083733dcd88d858cf65df7a4f282846c465b8f9627090aa5da3c0
380833de27ae130eb2f99b6cf44c809acb17014a836387fc3e842f91376c370e
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3b260fcd4a88bb5de6f203ec09575535a0b19caa9083de9ce7b09560f27c3415
3e1b90d8d7751a7342311390081c85ce3089da757450a1a6c2be1fa3cdc706e0
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
41b56746f2d05def7f07306b7bc82f78e760d941f0cfecd0be1fee183f478a91
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
48c22238a7c255b1e07ad60d097624a33f88dea18e6551f5a2012ac9e17bdba9
4b650e5c4785025dee7bd65e3c5c527356717d7a1c0bfef5b4ada8ca1e9cbe17
52f8e951ff8d0ef447f9f7da1d5bcbba721d2a8498cfcc02e15a15114d5080f7
5458bb001fbaee0822a06901d6989a7568457bc97c78ce726d8884c34f665910
54d4ed910270becc16fa9e4edbd3b6bbe5b9800fcb093ceb2af4a627b5797a43
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
565919380e5f80db6b4eb9f3413feba2322b4074312c5db301aba17b768e762a
5b152c384ea8c3be37e1991fb98124e98e741249d1ae916fee12c197a7ded34b
5b3085529c69e7d5372a400a2551be69c85c45dbc91deba9ab47a32100cdf99b
676676c35e87b7746f8d7b9376ab991a2179b37a3c788f91c4888ca2f26a08e1
6a9aa2164078369581e00b4f103ae6b72e2af06d4ccdd21d4860cc0e567f2d9a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d74aea3ea1a09d7239128033be4a712352c7d38e458103f16f27c9446e8b329
70d49b29e1ac3adeb18c787584abb252d2e1bd2f6f07b13fb612d3c6214e43c4
7239304bfda1edbdc25f38e13e0c6ed0c40c2aa7bf88e95b9fc8f17ba36a8253
7522c2cf228f80d9b1af1172f45d04b729d43dd8b9fc7cccb06eee2dd9629fed
798d10a2358bf2bb2383db429dbd3872c61623eae564f5ec4b35cebe16e8d3ee
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7de43cd45503e957602fc896bd8af5ae0556e3e8564bf0ad803130ca3948ff4f
804f8a758fd30f2684d13ab752eee92d828ca1d9f0ece5afda1972e403f1bd00
80a77960c7cd919eb2e44deeb2dfec5e1a3214b77755c2e4ca7a230bf3dc0084
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8503bb1f3969798a88dce37ee7f38979711dfd7495f5b8dafd66a19ff24e2d15
854984ae44d6553c9692cb76fc0602c6c0ca25a2c0b1183c3d3c584c248941f2
86335921874ad6120c0dbfcbf083f4556493d8d352791305838d905d2ef5974b
86b7392f3afd63ab1e1b097b157bbaeb34953ecaa69d721ce7e46ddbda429cf8
8acd930d7a72da64980a950dea0c1507411900cb1459aa8c743e003df27444dd
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
910f1b8952bd56ea24508baf61956e59ccd2fc22e4069201300f891928f736a0
918fee3ce7b66d4eb6b8c84cabf46beb8b76a888ae71ea44ff2a168dbfb70d4c
91f2c863f01c079244c565ac2e597291b43b6e454475545f4b241c730c432f09
959a72ff1653d96c5907949f615d9ee1e53a38c8529ce77b40e0d8395d24030f
99055dba9f2387917c3e9808aacc7c2e23a12705985bb8c4a6fcef05a2a0c682
ad35b390ce3898cfef7bb94973d42ab290ec56f7315e0b459f4ba017eac96f07
b4aedc93d1c0050ee019a0f8a838d5de2b64ca89662eb31c45e04da5d3f09b4f
bda5d2129fbe423e6a9d5688f04ac8ea083052c3e38056ada7672f8ca1c38dc6
bdce0b54370929aacc3fead98822cd9193639271d9a7dcc7c0c478f1586409ea
c10335e4b90022b9ec2194aa693f05f029bd864dd0de5c0b3080a6195a6f2808
c6609f80e029478943fe4efb505b13d149e792d09bf99619837497996f472517
ca9938198df5338b37787f18dddff8e8daa40170bc0cc39e6158c2280855e774
cd28cf99e2e8aa2015c80e6a4de778bf326824014f8fa42de3606f45b930b76c
ce6304e9ca59a9958810013b465dd4e8d13acbb6af0b2d330bc482c6a18a3f42
d33d13eb7856b3d2f87532c02b56bb48c9fa8511633ca8b256afc8b88deb5838
d5b3faf5ec92b8291684bf008308c4248ea2f6a1d05c7eec98366e08438a56b7
d7459dd5ce48ddd21da15f490514af4be07ff85f0b0b6b9e118542d68ff5ec91
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de08f8a20a74f26f4d2e404db139836f037dfc98c6ae9b2c7e5b09d90e4a97c7
de34e2d6336f1d2a3d7c3982cbaae6ae6a5f7212c0ac8d7750a94e87bb91d5bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41bf03e20a308c2b0674b112c492575ec632eb0a5cf5032bf091e1536a937ba
e4259016e3aece696ce32c5fe10fda871dcacb7ee061e9f3136cafba7d85761f
e4efcc099f128e3655108f269adb8e838c24ee54d98c3903a22dec225e3e1221
ee596884317564904ae040715f9d2961b96b088c0034ff3f4904a6ddfea7221f
ef0a0e5bb796f1a07e8054e517e697a8d0b7d8c9017aa00ef4c54102312d4999
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3145adf1bffb7600649b9ec6dfc09809307e270dbe6283dbb3c217677a33a2e
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.picussecurity.com Open in urlscan Pro 2606:2c40::c73c:67e3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

102 Requests

97 %HTTPS

79 %IPv6

27 Domains

38 Subdomains

34 IPs

2 Countries

9152 kBTransfer

11962 kBSize

28 Cookies

35 Outgoing links

Redirected requests

102 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.picussecurity.com Open in urlscan Pro
2606:2c40::c73c:67e3 Public Scan

Screenshot
Live screenshot

Full Image

102
Requests

97 %
HTTPS

79 %
IPv6

27
Domains

38
Subdomains

34
IPs

2
Countries

9152 kB
Transfer

11962 kB
Size

28
Cookies

102 HTTP transactions
1 data transactions