www.propublica.org Open in urlscan Pro
2606:4700::6810:fb33 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Submission: On June 15 via api (June 15th 2024, 9:00:07 pm UTC) from US — Scanned from DE

Summary HTTP 60 Redirects Links 52 Behaviour Indicators

Summary

This website contacted 29 IPs in 5 countries across 18 domains to perform 60 HTTP transactions. The main IP is 2606:4700::6810:fb33, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.propublica.org. The Cisco Umbrella rank of the primary domain is 119054.
TLS certificate: Issued by E1 on June 2nd 2024. Valid for: 3 months.

This is the only time www.propublica.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700::68... 2606:4700::6810:fb33	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	104.16.252.51 104.16.252.51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6810:fc33	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:ab0... 2a02:26f0:ab00:39e::14a9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	18.173.187.80 18.173.187.80	16509 (AMAZON-02) (AMAZON-02)
1	18.173.155.56 18.173.155.56	16509 (AMAZON-02) (AMAZON-02)
3	172.217.18.4 172.217.18.4	15169 (GOOGLE) (GOOGLE)
1	18.239.94.85 18.239.94.85	16509 (AMAZON-02) (AMAZON-02)
1	54.230.228.115 54.230.228.115	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	52.17.99.225 52.17.99.225	16509 (AMAZON-02) (AMAZON-02)
1	18.164.52.121 18.164.52.121	16509 (AMAZON-02) (AMAZON-02)
2	75.2.40.13 75.2.40.13	16509 (AMAZON-02) (AMAZON-02)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	18.238.243.129 18.238.243.129	16509 (AMAZON-02) (AMAZON-02)
1	18.239.18.118 18.239.18.118	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
3	172.67.72.135 172.67.72.135	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.230.228.24 54.230.228.24	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0d::9b	15169 (GOOGLE) (GOOGLE)
2	142.251.209.131 142.251.209.131	15169 (GOOGLE) (GOOGLE)
1	18.239.70.203 18.239.70.203	16509 (AMAZON-02) (AMAZON-02)
1	104.16.251.51 104.16.251.51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:7e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:20:... 2606:4700:20::ac43:479c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	16.182.32.225 16.182.32.225	16509 (AMAZON-02) (AMAZON-02)
60	29

2 2606:4700::6810:fb33 (United States)

ASN13335 (CLOUDFLARENET, US)

www.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.16.252.51 (None, )

ASN13335 (CLOUDFLARENET, US)

assets.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.assets-d.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:fc33 (United States)

ASN13335 (CLOUDFLARENET, US)

static.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00:39e::14a9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn-4.convertexperiments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.187.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-80.muc50.r.cloudfront.net

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.155.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-155-56.muc50.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.4 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.94.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-94-85.ams1.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-115.muc50.r.cloudfront.net

htlbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.99.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-99-225.eu-west-1.compute.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.52.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-52-121.cdg50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.2.40.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.243.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-243-129.ams58.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.18.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-18-118.ams58.r.cloudfront.net

client.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.72.135 (United States)

ASN13335 (CLOUDFLARENET, US)

static.trueanthem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.trueanthem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-24.muc50.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.209.131 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ham11s07-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.70.203 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-70-203.ams58.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.251.51 (None, )

ASN13335 (CLOUDFLARENET, US)

www.propublica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:7e5 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::ac43:479c (United States)

ASN13335 (CLOUDFLARENET, US)

iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 16.182.32.225 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ams-pageview-public.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	propublica.org www.propublica.org — Cisco Umbrella Rank: 119054 assets.propublica.org — Cisco Umbrella Rank: 135666 img.assets-d.propublica.org — Cisco Umbrella Rank: 355795 static.propublica.org — Cisco Umbrella Rank: 151116	2 MB
5	iteratehq.com platform.iteratehq.com — Cisco Umbrella Rank: 8123 iteratehq.com — Cisco Umbrella Rank: 6829	28 KB
5	google.com www.google.com — Cisco Umbrella Rank: 5 region1.analytics.google.com — Cisco Umbrella Rank: 3078	1 KB
4	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 stats.g.doubleclick.net — Cisco Umbrella Rank: 132	174 KB
3	trueanthem.com static.trueanthem.com — Cisco Umbrella Rank: 24816 b.trueanthem.com — Cisco Umbrella Rank: 23568	12 KB
3	amazon-adsystem.com config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 733 client.aps.amazon-adsystem.com — Cisco Umbrella Rank: 14247 c.amazon-adsystem.com — Cisco Umbrella Rank: 351	68 KB
2	google.de www.google.de — Cisco Umbrella Rank: 8196	126 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 68	21 KB
2	sail-personalize.com api.sail-personalize.com — Cisco Umbrella Rank: 4138	497 B
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 877 script.hotjar.com — Cisco Umbrella Rank: 1344	60 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 3743 p1.parsely.com — Cisco Umbrella Rank: 2578	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	192 KB
1	amazonaws.com ams-pageview-public.s3.amazonaws.com — Cisco Umbrella Rank: 11229	448 B
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 3420	233 B
1	gstatic.com www.gstatic.com	206 KB
1	htlbid.com htlbid.com — Cisco Umbrella Rank: 9344	134 KB
1	sail-horizon.com ak.sail-horizon.com — Cisco Umbrella Rank: 4345	34 KB
1	convertexperiments.com cdn-4.convertexperiments.com — Cisco Umbrella Rank: 10125	66 KB
60	18

	Domain	Requested by
12	assets.propublica.org	www.propublica.org assets.propublica.org
6	static.propublica.org	www.propublica.org
3	iteratehq.com	platform.iteratehq.com
3	www.google.com	www.propublica.org www.gstatic.com
3	www.propublica.org	www.propublica.org assets.propublica.org
2	platform.iteratehq.com	www.propublica.org platform.iteratehq.com
2	www.google.de	www.propublica.org
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	static.trueanthem.com	www.googletagmanager.com static.trueanthem.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	securepubads.g.doubleclick.net	htlbid.com securepubads.g.doubleclick.net
2	api.sail-personalize.com	ak.sail-horizon.com
2	www.googletagmanager.com	www.propublica.org www.googletagmanager.com
1	ams-pageview-public.s3.amazonaws.com
1	b.trueanthem.com	static.trueanthem.com
1	c.amazon-adsystem.com	client.aps.amazon-adsystem.com
1	vc.hotjar.io	script.hotjar.com
1	client.aps.amazon-adsystem.com	htlbid.com
1	config.aps.amazon-adsystem.com	htlbid.com
1	script.hotjar.com	static.hotjar.com
1	p1.parsely.com	www.propublica.org
1	www.gstatic.com	www.google.com
1	htlbid.com	www.propublica.org
1	static.hotjar.com	www.propublica.org
1	cdn.parsely.com	www.propublica.org
1	ak.sail-horizon.com	www.propublica.org
1	cdn-4.convertexperiments.com	www.propublica.org
1	img.assets-d.propublica.org	www.propublica.org
60	29

This site contains links to these domains. Also see Links.

Domain
give.propublica.org
www.facebook.com
twitter.com
www.instagram.com
propublica.org
policies.google.com
www.whitehouse.gov
www.cbsnews.com
www.finance.senate.gov
www.wsj.com
www.intelligence.senate.gov
www.documentcloud.org
www.axios.com
regmedia.co.uk
homeland.house.gov
www.cisa.gov
www.microsoft.com
www.ft.com
www.geekwire.com
news.microsoft.com
www.popsci.com
ppubs.uspto.gov
www.cyberark.com
web.archive.org
www.linkedin.com
troopers.de
techcommunity.microsoft.com
x.com
www.ciberesponce.com
www.defense.gov
redmondmag.com
towcenter.columbia.edu
documentedny.com
itunes.apple.com
play.google.com
p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion
creativecommons.org
support.google.com

Subject Issuer	Validity	Valid
www.propublica.org E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
assets.propublica.org WE1	`2024-06-15` - `2024-09-13`	3 months	crt.sh
img.assets-d.propublica.org Cloudflare Inc ECC CA-3	`2023-10-28` - `2024-10-27`	a year	crt.sh
static.propublica.org E1	`2024-06-01` - `2024-08-30`	3 months	crt.sh
*.convertexperiments.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-09` - `2024-11-09`	a year	crt.sh
*.google-analytics.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
ak.sail-horizon.com Amazon RSA 2048 M02	`2023-12-04` - `2024-12-30`	a year	crt.sh
*.parsely.com Amazon RSA 2048 M03	`2024-04-05` - `2025-05-04`	a year	crt.sh
*.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
htlbid.com Amazon RSA 2048 M01	`2023-09-21` - `2024-10-18`	a year	crt.sh
*.gstatic.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
api.sail-personalize.com Amazon RSA 2048 M02	`2024-03-25` - `2025-04-22`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2024-01-21` - `2025-02-19`	a year	crt.sh
client.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-12-20` - `2025-01-18`	a year	crt.sh
trueanthem.com E1	`2024-05-17` - `2024-08-15`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.google.de GTS CA 1C3	`2024-05-27` - `2024-08-19`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-12-30` - `2024-12-04`	a year	crt.sh
iteratehq.com E1	`2024-05-17` - `2024-08-15`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2024-04-22` - `2025-04-07`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Frame ID: 949353265982E4FAF37CDFEA643D4F48
Requests: 59 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly93d3cucHJvcHVibGljYS5vcmc6NDQz&hl=de&v=TqxSU0dsOd2Q9IbI7CpFnJLD&size=invisible&cb=luvfl5viaq5j
Frame ID: 2549C41F0C456DCD989AD5C42FAA5E99
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

60
Requests

100 %
HTTPS

36 %
IPv6

18
Domains

29
Subdomains

29
IPs

5
Countries

2585 kB
Transfer

5330 kB
Size

18
Cookies

52 Outgoing links

These are links going to different origins than the main page.

URL: https://give.propublica.org/give/346423/#!/donation/checkout?c_src=PB
Title: Protect Fearless Journalism Summer Member Drive Deadline: MIDNIGHT Donate Now

Search URL Search Domain Scan URL

URL: https://give.propublica.org/give/346423/#!/donation/checkout?c_src=UpRed
Title: Donate

Search URL Search Domain Scan URL

URL: https://www.facebook.com/propublica
Title: Facebook Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/propublica
Title: Twitter Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/propublica/
Title: Instagram Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers&text=Microsoft%20Refused%20to%20Fix%20Flaw%20Years%20Before%20SolarWinds%20Hack
Title: Twitter Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Title: Facebook Facebook

Search URL Search Domain Scan URL

URL: https://propublica.org/
Title: ProPublica

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://give.propublica.org/give/346423/#!/donation/checkout?c_src=InL
Title: Donate Now

Search URL Search Domain Scan URL

URL: https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/
Title: confirmed reports

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-07-04/
Title: largest cyberattacks

Search URL Search Domain Scan URL

URL: https://www.finance.senate.gov/ranking-members-news/wyden-statement-following-treasury-and-irs-briefing-on-solarwinds-hack
Title: including those of its highest-ranking officials

Search URL Search Domain Scan URL

URL: https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601
Title: described the breach

Search URL Search Domain Scan URL

URL: https://www.intelligence.senate.gov/sites/default/files/documents/qfr-bsmith-022321.pdf
Title: assured Congress in 2021

Search URL Search Domain Scan URL

URL: https://www.documentcloud.org/documents/24742779-microsoft-statement
Title: the company issued a statement

Search URL Search Domain Scan URL

URL: https://www.axios.com/2024/05/17/pentagon-weighs-microsoft-licensing-upgrades
Title: seeks to expand its use of Microsoft products

Search URL Search Domain Scan URL

URL: https://regmedia.co.uk/2024/06/04/schmitt_wyden_dod_microsoft_e5.pdf
Title: drawn scrutiny

Search URL Search Domain Scan URL

URL: https://homeland.house.gov/hearing/a-cascade-of-security-failures-assessing-microsoft-corporations-cybersecurity-shortfalls-and-the-implications-for-homeland-security/
Title: the House Homeland Security Committee

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/resources-tools/resources/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer-2023
Title: found

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/
Title: the company’s top priority is security

Search URL Search Domain Scan URL

URL: https://www.ft.com/content/0e8c3002-20c7-11ea-92da-f0c92e957a96
Title: breakthrough

Search URL Search Domain Scan URL

URL: https://www.geekwire.com/2014/satya-nadellas-full-memo-microsoft-staffers-need-believe-impossible-remove-improbable/
Title: cloud-first world

Search URL Search Domain Scan URL

URL: https://news.microsoft.com/2012/01/11/memo-from-bill-gates/
Title: sending a memo

Search URL Search Domain Scan URL

URL: https://www.popsci.com/scitech/article/2007-06/worst-jobs-science-2007/
Title: worst jobs in science

Search URL Search Domain Scan URL

URL: https://ppubs.uspto.gov/dirsearch-public/print/downloadPdf/10977364
Title: Microsoft patent

Search URL Search Domain Scan URL

URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Title: CyberArk published a blog post describing the flaw

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20171209163607/https://azure.microsoft.com/en-us/overview/azure-vs-aws/
Title: continued to promote the safety of its products

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/posts/andrewfharris_yet-another-post-on-securing-identity-with-activity-6503732899240562688-nq9w?utm_source=share&utm_medium=member_desktop
Title: Harris also took his message to LinkedIn

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria
Title: had published a formal definition

Search URL Search Domain Scan URL

URL: https://troopers.de/troopers19/agenda/fpxwmn/
Title: at a conference in Germany

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/microsoft-entra-blog/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754
Title: Microsoft advised customers

Search URL Search Domain Scan URL

URL: http://x.com/ciberesponce/status/1339885673646612480?s=46&t=chjNjKsX2TeMLEHigHtMaA
Title: public in a series

Search URL Search Domain Scan URL

URL: https://twitter.com/ciberesponce/status/1363483257136947204?s=46&t=chjNjKsX2TeMLEHigHtMaA
Title: posts

Search URL Search Domain Scan URL

URL: https://www.ciberesponce.com/learning-identity-cyber-attacks/
Title: personal blog

Search URL Search Domain Scan URL

URL: https://x.com/ciberesponce/status/1364336404122263554?s=46&t=chjNjKsX2TeMLEHigHtMaA
Title: Challenging Brad Smith

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/posts/andrewfharris_ive-been-outspoken-a-bit-on-how-bypassing-activity-6745561216145588224-R4mj?utm_source=share&utm_medium=member_desktop
Title: wrote on LinkedIn in December 2020

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/non-interactive-logins-minimizing-the-blind-spot/ba-p/2287932
Title: the company said in a blog post

Search URL Search Domain Scan URL

URL: https://www.intelligence.senate.gov/sites/default/files/documents/os-bsmith-022321.pdf
Title: saying it was used in just 15% of the 60 cases

Search URL Search Domain Scan URL

URL: https://www.intelligence.senate.gov/hearings/open-hearing-hearing-hack-us-networks-foreign-adversary
Title: pointedly asked him

Search URL Search Domain Scan URL

URL: https://www.defense.gov/News/News-Stories/Article/Article/3243483/department-names-vendors-to-provide-joint-warfighting-cloud-capability/
Title: won a piece

Search URL Search Domain Scan URL

URL: https://redmondmag.com/articles/2022/02/14/azure-active-directory-certificate-based-authentication-preview.aspx
Title: in 2022

Search URL Search Domain Scan URL

URL: https://give.propublica.org/give/346423/#!/donation/checkout?c_src=PSN
Title: Donate Now

Search URL Search Domain Scan URL

URL: https://twitter.com/renee_dudley
Title: Twitter @renee_dudley

Search URL Search Domain Scan URL

URL: https://towcenter.columbia.edu/
Title: Tow Center for Digital Journalism

Search URL Search Domain Scan URL

URL: http://documentedny.com/
Title: Documented

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/app/propublica/id355298887?mt=8
Title: iOS

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.propublica&hl=en
Title: Android

Search URL Search Domain Scan URL

URL: http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/
Title: Browse via Tor

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by-nc-nd/3.0/
Title: Creative Commons License (CC BY-NC-ND 3.0)

Search URL Search Domain Scan URL

URL: https://support.google.com/webmasters/answer/139066?hl=en
Title: refer to this Google SEO link

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

60 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request microsoft-solarwinds-golden-saml-data-breach-russian-hackers Show response
www.propublica.org/article/ 241 KB
56 KB 456ms
356ms Document
text/html 2606:4700::6810:fb33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fb33 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4ce98fa4353e64588aad264956ad0f88cb480c19f3a85a89028c8b51ef8082e

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=900, public, must-revalidate, stale-while-revalidate=60, stale-if-error=60
cf-ray: 89457cb8dd992c19-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 15 Jun 2024 21:00:01 GMT
onion-location: http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
pragma: cache
server: cloudflare
strict-transport-security: max-age=10886400; includeSubDomains; preload
vary: Accept-Encoding
x-author: queue-worker
x-debug: Cached
x-frame-options: SAMEORIGIN
x-origin: v3-www.propublica.org

GET
H3 200 main.b279d597.css
assets.propublica.org/static/prod/v5/css/ 391 KB
45 KB 231ms
167ms Stylesheet
text/css 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f35e78222f56db6a988483a77fbcaa4f9b68215b3cda625eedba5f0584b89436

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 8WXYVH398PCEPDGE
cf-polished: origSize=403975
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ipp9onxDrBXUwVvrj7BGn9asU6Gwp4itLOzYLOfjhXeDFUv8/x5jF8AkvaWlzpFE7UqDPSCsmj8=
cf-bgj: minify
last-modified: Tue, 11 Jun 2024 14:15:14 GMT
server: cloudflare
etag: W/"3afa59e898289af896e6d87a211d72fd"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
cf-ray: 89457cbb8923926d-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H3 200 20240416-KAHN-Tech-Project-0189_maxWidth_3000_maxHeight_3000_ppi_72_quality_95_embedColorProfile_true-1.jpg
img.assets-d.propublica.org/v5/images/ 88 KB
88 KB 186ms
101ms Image
image/webp 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.assets-d.propublica.org/v5/images/20240416-KAHN-Tech-Project-0189_maxWidth_3000_maxHeight_3000_ppi_72_quality_95_embedColorProfile_true-1.jpg?crop=focalpoint&fit=crop&fm=webp&fp-x=0.4719&fp-y=0.491&h=1600&q=75&w=1600&s=2ef4eac4eb8e27feb4a52a3201deedca
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ec536d91535572eebd0e475256a3ef52b17500a83fe5e5ee6865758ea57dbc3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
via: 1.1 5f82872daec754c74bbd4ef1bc7f7314.cloudfront.net (CloudFront), 1.1 b47ba5841a54cf2d19fc521c78e94514.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: FRA60-P9, FRA60-P4
x-amzn-requestid: 5d037fec-37ad-4909-ace0-2227171d07ed
x-cache: Hit from cloudfront
x-amz-apigw-id: ZTL52H79oAMEhdA=
content-length: 89684
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 15 Jun 2024 20:59:00 GMT
server: cloudflare
x-amzn-trace-id: Root=1-666ac03e-492acc2631b964116ac250a5;Parent=0369111aaa5fc11c;Sampled=0;lineage=d08fc70a:0
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 89457cbbab6b9bb3-FRA
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: mwiYGWgO8X67RwE_q9xewWV33r_-N8p9VcmGZdGDMIYh7LCSbaJc0g==
expires: Sun, 15 Jun 2025 21:00:01 GMT

GET
H2 200 step1.png
static.propublica.org/projects/graphics/2024-tech-project/images/ 203 KB
204 KB 355ms
258ms Image
image/webp 2606:4700::6810:fc33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.propublica.org/projects/graphics/2024-tech-project/images/step1.png
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:fc33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a2ea3c7c2fe0f7e9782221b00e2c6f56086a661887cc51c36dc66bc590b804a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
x-amz-version-id: _y0VDkwkQ_UjJ8K2e08nxHRu4kVEjqDO
cf-cache-status: HIT
x-amz-request-id: SSNWTMYWPJ73TMEV
cf-polished: origFmt=png, origSize=351177
content-disposition: inline; filename="step1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 208086
x-amz-id-2: jCJk/5Wb/6OfrLe/Ll59DDCl6trNm7mddBbhizWyEhQRhaoD3FwgAsWr3C00l3EN3xQktxrzj9s=
cf-bgj: imgq:85,h2pri
last-modified: Thu, 16 May 2024 20:53:46 GMT
server: cloudflare
etag: "3d42017cd46ccd10d4e00cf5698e8e97"
vary: Accept
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89457cbbba132c3b-FRA
expires: Sat, 15 Jun 2024 21:05:01 GMT

GET
H2 200 step2.png
static.propublica.org/projects/graphics/2024-tech-project/images/ 201 KB
201 KB 287ms
191ms Image
image/webp 2606:4700::6810:fc33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.propublica.org/projects/graphics/2024-tech-project/images/step2.png
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:fc33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 235e09faf6bd00c79ebcce860fca8bf7cadf5d74e261f816d712213bffcaefea

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
x-amz-version-id: qDPCg.64JzljLyHYeAkIBZ0wFTj.vBRv
cf-cache-status: HIT
x-amz-request-id: DRBEWWPFW45GFE18
cf-polished: origFmt=png, origSize=576331
content-disposition: inline; filename="step2.webp"
alt-svc: h3=":443"; ma=86400
content-length: 205530
x-amz-id-2: +WgiI5Rok8wzYVn/+OYOLhuLmx1w0jAKDD0NO/JibxsXRgN4dqmqU0lBj9P+s6n5ESb8cnR9T1M=
cf-bgj: imgq:85,h2pri
last-modified: Tue, 11 Jun 2024 20:30:17 GMT
server: cloudflare
etag: "df2b68eeba552e6d21cb695a51cb40d6"
vary: Accept
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89457cbbba182c3b-FRA
expires: Sat, 15 Jun 2024 21:05:01 GMT

GET
H2 200 step3.png
static.propublica.org/projects/graphics/2024-tech-project/images/ 164 KB
164 KB 228ms
226ms Image
image/webp 2606:4700::6810:fc33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.propublica.org/projects/graphics/2024-tech-project/images/step3.png
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:fc33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5251b32998770dc4eb0f8619f8ee3ce8180f29c7eab4a960abac13d11c8953cc

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
x-amz-version-id: gv9bS.PlZGngfgW9sFyqgVm3IHU18hx8
cf-cache-status: REVALIDATED
x-amz-request-id: SX6ZAPJ7BAGYB4C7
cf-polished: origFmt=png, origSize=274546
content-disposition: inline; filename="step3.webp"
alt-svc: h3=":443"; ma=86400
content-length: 167426
x-amz-id-2: SIHbLqLyDrF+tvc1PDLfS/aOdYBVRDzVqKbO8Ka8/kmRekzhHHlwfff8RRScmvhxre3FE5JnDSw=
cf-bgj: imgq:85,h2pri
last-modified: Thu, 16 May 2024 20:53:49 GMT
server: cloudflare
etag: "1a2fc68b7816ff6bce53c51ebfc31f22"
vary: Accept
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89457cbccbb02c3b-FRA
expires: Sat, 15 Jun 2024 21:05:01 GMT

GET
H2 200 step4.png
static.propublica.org/projects/graphics/2024-tech-project/images/ 95 KB
95 KB 263ms
262ms Image
image/webp 2606:4700::6810:fc33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.propublica.org/projects/graphics/2024-tech-project/images/step4.png
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:fc33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a62e69a28b9ad8b51c67626ace88ae2b3848fc08986e45717acf6f7245991bcf

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
x-amz-version-id: Ej_KV1DgOF5JSlPWsQanEoHzwnKP6gKi
cf-cache-status: REVALIDATED
x-amz-request-id: 3W7W11AM5AAHR44J
cf-polished: origFmt=png, origSize=161527
content-disposition: inline; filename="step4.webp"
alt-svc: h3=":443"; ma=86400
content-length: 96922
x-amz-id-2: SK6LVhwfXfy05eFLo4+e3SA0WoJpgM3DN/dylXvmMu5qEmet17OFH5cRmpCboY3mxRQWzT2+cjA=
cf-bgj: imgq:85,h2pri
last-modified: Thu, 16 May 2024 20:53:49 GMT
server: cloudflare
etag: "7c2e93edf0fbcade5e8d1c6658ceaf1e"
vary: Accept
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89457cbccbb32c3b-FRA
expires: Sat, 15 Jun 2024 21:05:01 GMT

GET
H2 200 step5.png
static.propublica.org/projects/graphics/2024-tech-project/images/ 174 KB
174 KB 248ms
247ms Image
image/webp 2606:4700::6810:fc33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.propublica.org/projects/graphics/2024-tech-project/images/step5.png
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:fc33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d37fa0a940ef2f88de528f4a504ad94c6567b3a45a46231cd9656e6b98b1bba

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
x-amz-version-id: NFUciRVtkfVxpRLU5DmKdx.o59eMUs8C
cf-cache-status: HIT
x-amz-request-id: C8V7FRA0XENVKT9R
cf-polished: origFmt=png, origSize=310182
content-disposition: inline; filename="step5.webp"
alt-svc: h3=":443"; ma=86400
content-length: 177876
x-amz-id-2: Z29y4HT4iC76t9nY8TGn7DXrO/AiYty9sdN9RrlXWt4jlGP+a5y6ezsgk8cd5f10gWbjmqMEmHI=
cf-bgj: imgq:85,h2pri
last-modified: Thu, 16 May 2024 20:53:49 GMT
server: cloudflare
etag: "0e6b5d734b294fa5e4e7902831c124a7"
vary: Accept
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89457cbccbb62c3b-FRA
expires: Sat, 15 Jun 2024 21:05:01 GMT

GET
H2 200 step6.png
static.propublica.org/projects/graphics/2024-tech-project/images/ 310 KB
311 KB 184ms
183ms Image
image/webp 2606:4700::6810:fc33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.propublica.org/projects/graphics/2024-tech-project/images/step6.png
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:fc33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fc436708172513c9cea402f9697fc8263738047e54bf6ccea7832dbdf4e017c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
x-amz-version-id: OuF2br9K8m.L9cOd1dtTS9LCch_THByW
cf-cache-status: HIT
x-amz-request-id: C8VA7FRMSY542GN5
cf-polished: origFmt=png, origSize=481845
content-disposition: inline; filename="step6.webp"
alt-svc: h3=":443"; ma=86400
content-length: 317570
x-amz-id-2: Hq59AtLJXxUn0Ri3cgbCGcFQF+1iHw6w31o8wUPzM+I4fnqxZ+nBqF/2IzqQswmIHFMLvWlg9Jc=
cf-bgj: imgq:85,h2pri
last-modified: Fri, 17 May 2024 14:56:52 GMT
server: cloudflare
etag: "c2c15b87abe4bf2e8c205fe7c7230351"
vary: Accept
content-type: image/webp
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89457cbccbb72c3b-FRA
expires: Sat, 15 Jun 2024 21:05:01 GMT

GET
H2 200 email-decode.min.js Show response
www.propublica.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
840 B 17ms
16ms Script
application/javascript 2606:4700::6810:fb33
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.propublica.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:fb33 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Jun 2024 17:32:13 GMT
server: cloudflare
etag: W/"66688a1d-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 89457cbccb562c19-FRA
expires: Mon, 17 Jun 2024 21:00:01 GMT

GET
H3 200 main.2c37ba76.js Show response
assets.propublica.org/static/prod/v5/js/ 141 KB
39 KB 182ms
182ms Script
application/javascript 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/js/main.2c37ba76.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00ae2a479a40471a2ee0aafc4e7dafba5123f2b219d91563d52b56853a3bea13

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jun 2024 14:15:15 GMT
server: cloudflare
x-amz-request-id: 8FTHKFJS2TXND3F5
etag: W/"30a5684f8e8a889b49bddd5f9d39c8c9"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=86400
cf-ray: 89457cbccadf926d-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: IdU4lm31xtjX4+fWTFfDJuEZhhZ14cUD1C2RKoghv4mxSBP5oHMcjX74DdyuBRJc29W9af9Awmk=
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H2 200 1004759-1004714.js Show response
cdn-4.convertexperiments.com/js/ 214 KB
66 KB 144ms
66ms Script
application/javascript 2a02:26f0:ab00:39e::14a9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-4.convertexperiments.com/js/1004759-1004714.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00:39e::14a9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9d0e4f449b610645f1a4eb073b77e740bd31f8f43dae9b9e9f9ea91ac3a652d6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
content-length: 67651
expires: Sat, 15 Jun 2024 21:05:01 GMT

GET
DATA 200
OK truncated
/ 311 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91b5da489ea202e119ea66df5393476ffc8a42314a57f4f8719ed547bdebdb19

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 TiemposTextWeb-RegularItalic_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 29 KB
29 KB 279ms
255ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/TiemposTextWeb-RegularItalic_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ef0d3a2ba9b940ee53a1955cfe0de04a98c87831f9d4cb67a22215609a0e88a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: YA9ATTA1QKCETJAK
alt-svc: h3=":443"; ma=86400
content-length: 29405
x-amz-id-2: n9xiHEK+Ba9+F0rjNPrZAx7ROUAwA4qCtsHkcNsI8eQRsB5en7MIsFCJKJD819+j/LCFz+vUP/8=
last-modified: Tue, 11 Jun 2024 14:15:15 GMT
server: cloudflare
etag: "327d8e120a69bbec3b7d6bdf32235c69"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd29f530cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H3 200 Graphik-Bold-Web_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 18 KB
18 KB 320ms
296ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/Graphik-Bold-Web_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f75efe09e9a15de6732fbf32bb96bd5d570689576f84be9763fe6147f3f405c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: JHM3S0VCEAQ9XED1
alt-svc: h3=":443"; ma=86400
content-length: 17965
x-amz-id-2: QyHUt2Ptm93e0JL0TfvYBUOp9UgPhpteS/q/SBDQUj0Io574E1u91HE4LKO8uO4+jpSwqm36ZQA=
last-modified: Tue, 11 Jun 2024 14:15:14 GMT
server: cloudflare
etag: "36c66768f1f0efc2065048e1f1dba296"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd29fd30cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H3 200 Graphik-Regular-Web_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 16 KB
16 KB 241ms
218ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/Graphik-Regular-Web_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ce372d43a91580bdc4185d48a02bef4b7954c49e721e181fa02b656eaa61213

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: PB1DF97A0QF9BCRP
alt-svc: h3=":443"; ma=86400
content-length: 15885
x-amz-id-2: FQNkthhRgPUK0jayPPzjihshcvYZlN+etRoc4xIwNcEGjyAo7AvTVr+13pnNT2JnKYBOylm2zbc=
last-modified: Tue, 11 Jun 2024 14:15:14 GMT
server: cloudflare
etag: "1974b7e72f30b60ceed7de2e5653d7b4"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd29f230cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H3 200 TiemposTextWeb-Bold_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 29 KB
29 KB 224ms
201ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/TiemposTextWeb-Bold_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 890a308f110701f892cbb8d923d529a06c44e5bbeafa6b92df2fae66f3706bd1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: 8A9M2CYTAT32CNTY
alt-svc: h3=":443"; ma=86400
content-length: 29395
x-amz-id-2: RuyKsUeDL7bR+J1QXgRBIhIL/abHs1CT4oU8coW1bBHrXobxADJYXWPtfdCqNpfHKZkr5ISTpmY=
last-modified: Fri, 10 May 2024 20:21:39 GMT
server: cloudflare
etag: "15e76bde224fbb7970e3b89254be71da"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd29f930cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H3 200 TiemposHeadlineWeb-Black_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 19 KB
19 KB 236ms
213ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/TiemposHeadlineWeb-Black_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6407c87204c820e7f94f1e129190e3f3589f59c4768cc97c3a76d43075d8f2fa

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: 8VAKJJY54NFPWVCV
alt-svc: h3=":443"; ma=86400
content-length: 19337
x-amz-id-2: UaW1iK0eYbkyer9Z2nOOd04cSe/MR3ysO6AWtg6BA4sOTCqzRlHezRhwalds6gbRW78uPWO5P8Q=
last-modified: Tue, 11 Jun 2024 14:15:15 GMT
server: cloudflare
etag: "4ca36d6287f01b10c1ac41cd2e1da923"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd29ed30cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H3 200 TiemposTextWeb-Regular_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 28 KB
28 KB 336ms
313ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/TiemposTextWeb-Regular_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 053a9b913df62d6f62e05479e93d679953d2cf19de25301648d4701d838f7e17

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: 44KGYKD8SQQ2DPCY
alt-svc: h3=":443"; ma=86400
content-length: 28357
x-amz-id-2: sSEeXE/MqeZ38R1qtWHyJ+QiaXvW5ffoOXJbqRnpheSCxHxM/blVsn28F2Zqco4COiBZM97Gw/c=
last-modified: Tue, 11 Jun 2024 14:15:15 GMT
server: cloudflare
etag: "2f0dc7dd281de8884c39fefcbf755812"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd29ff30cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
DATA 200
OK truncated
/ 93 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8989c627968d589e565262b2ce0406bf93726469ee30fef279c33cc5755db7ce

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 Graphik-RegularItalic-Web_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 17 KB
17 KB 266ms
266ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/Graphik-RegularItalic-Web_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60583255c16aa2f8c3c4a9dc5956f56c3df772aa801046bacc420b4a13d94e8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: DN16KH8Z8VW88EFX
alt-svc: h3=":443"; ma=86400
content-length: 17169
x-amz-id-2: vhVSumMAj2N+RiNt9f+Nrqw0A557vgmLVuz9xHbsd8jl7v4kRb40bX0Se28yTXl35zfuubmvFxY=
last-modified: Tue, 11 Jun 2024 14:15:14 GMT
server: cloudflare
etag: "3c1da0f6a3bc8d311c6993db04950b98"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd5a4a30cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H3 200 TiemposHeadlineWeb-Bold_default.woff2
assets.propublica.org/static/prod/v5/fonts/ 19 KB
20 KB 479ms
478ms Font
font/woff2 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/fonts/TiemposHeadlineWeb-Bold_default.woff2
Requested by: Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a62ee001f1b8313b0030ddf9c3a30c789075a2a4a9065557ab76c46d088bbe0f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://assets.propublica.org/static/prod/v5/css/main.b279d597.css
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
cf-cache-status: HIT
x-amz-request-id: 866Z1EBR2Z46MT7B
alt-svc: h3=":443"; ma=86400
content-length: 19529
x-amz-id-2: vHHBBnWZ/nRV1n5FHMmNc5nFiK7fn7xOB+Jp0fe3pVcMxgbUM/fefKmF+AbNvWt1ZdTI1nLlsGg=
last-modified: Fri, 10 May 2024 20:21:39 GMT
server: cloudflare
etag: "bf354483d7fb9a80bff102f07b0c2266"
access-control-max-age: 900
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 89457cbd5a4c30cc-FRA
expires: Sun, 16 Jun 2024 21:00:01 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 252 KB
88 KB 120ms
58ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K8BNLGX

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

32dc8e5b62c5072ca082fa0825e8c4817e38eb60435f8bf4c54ac7bf5ce3801c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89268
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 15 Jun 2024 21:00:01 GMT

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 103 KB
34 KB 161ms
58ms Script
application/javascript 18.173.187.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-80.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 304a596bb9715360b71c3002d94553e04943f56dffbbefcf5c3ce3efc60db4a5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 20:50:27 GMT
content-encoding: gzip
via: 1.1 3a5ebe10b769db9444c2df2c2e8a76a8.cloudfront.net (CloudFront)
last-modified: Thu, 06 Jun 2024 16:53:02 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P4
age: 576
x-amz-server-side-encryption: AES256
etag: W/"0a63286546fdaeb63f5762369bd1c4ff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=600; must-revalidate
x-amz-cf-id: 9i26-R94twbHeqN63x3mzbqXLqwxJfMFrGb1Yg-6oAeR6Y7oWdfojQ==

GET
H2 200 p.js Show response
cdn.parsely.com/keys/propublica.org/ 57 KB
21 KB 109ms
41ms Script
application/javascript 18.173.155.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/propublica.org/p.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.155.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-155-56.muc50.r.cloudfront.net
Software: nginx /
Resource Hash: d3884bc713cb5a627601c698c23e35773a26df0834336c1ec44dc99850405bda

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Sat, 15 Jun 2024 06:47:10 GMT
content-encoding: gzip
via: 1.1 3f7bbc22c659b2b7470c819d073f58b6.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 21:08:48 GMT
server: nginx
x-amz-cf-pop: MUC50-P3
age: 51171
etag: W/"633b4f60-e288"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: 4xpdjUxf21z6G8Y6tl6HK3i4sm3L3HV4RS93AZG-tDmAKD2t9yhtxw==
expires: Sun, 16 Jun 2024 06:47:10 GMT

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
994 B 109ms
49ms Script
text/javascript 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f4.1e100.net

Software

GSE /

Resource Hash

dbfe02f7b4e6a9f774d6319770c818b90edc9484a11df766aef0122a7bc81df9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 15 Jun 2024 21:00:01 GMT

GET
H2 200 hotjar-3261149.js Show response
static.hotjar.com/c/ 9 KB
4 KB 148ms
45ms Script
application/javascript 18.239.94.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3261149.js?sv=6

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.239.94.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-94-85.ams1.r.cloudfront.net

Software

Resource Hash

5d88b11581cbcd64e763300d8338a8af23092f68e9e0b5d2a43970c79353beb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Sat, 15 Jun 2024 20:59:18 GMT
via: 1.1 975fd5d0332c1e0796bab30e0bb30a24.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P3
age: 43
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/3c8fce2511b7f6a15434a6f7ff62cc9f
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: sIfsiHdVZmSP8UmKdWQjY-9SbmxJPUCuWppobOgXs3CDlGUqwW5DhQ==

GET
H2 200 htlbid.js Show response
htlbid.com/v3/propublica.org/ 431 KB
134 KB 111ms
48ms Script
application/javascript 54.230.228.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://htlbid.com/v3/propublica.org/htlbid.js
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.228.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-228-115.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7a92eee0db3cb15abcd573879561749c8fc4115811eadd1b988dbaf187f75634

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: gzip
via: 1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront)
last-modified: Tue, 21 May 2024 16:55:35 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P5
age: 60
x-amz-server-side-encryption: AES256
etag: W/"60af01bf29b3b3668a9d07df11f69b90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=600
x-amz-cf-id: xhU6uKTL5o4fYK055BrA3CwqbudksitsgfQVGwO1DMfdIeN9ci0o6w==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/ 518 KB
206 KB 79ms
23ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=grecaptchaLoaded&render=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d865eecf3e86c11ab224434aecb84384c87cd8e52f5f0d5fb2f9b5291eab8578

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Origin: https://www.propublica.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 15:18:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 210217
x-xss-protection: 0
last-modified: Mon, 10 Jun 2024 16:44:59 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 14 Jun 2025 15:18:33 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
259 B 159ms
31ms Image
image/gif 52.17.99.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1718485201732&plid=4f1d0796-1a22-4fd3-aec6-87027fabdd1f&idsite=propublica.org&url=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fmicrosoft-solarwinds-golden-saml-data-breach-russian-hackers&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fmicrosoft-solarwinds-golden-saml-data-breach-russian-hackers&sref=&sts=1718485201731&slts=0&title=Microsoft+Refused+to+Fix+Flaw+Years+Before+SolarWinds+Hack+%E2%80%94+ProPublica&date=Sat+Jun+15+2024+23%3A00%3A01+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&action=pageview&pvid=5067c699-18a0-4fc2-9c05-3ea214609fe2&u=pid%3Dc71cc1ae-676c-474b-a76c-6ed0ec515522
Requested by: Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.99.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-99-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 15 Jun 2024 21:00:01 GMT
Cache-Control: no-cache
Last-Modified: Saturday, 15-Jun-2024 21:00:01 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 modules.db8890ba82a7e392473f.js Show response
script.hotjar.com/ 223 KB
55 KB 97ms
24ms Script
application/javascript 18.164.52.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.db8890ba82a7e392473f.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3261149.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.52.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-52-121.cdg50.r.cloudfront.net

Software

Resource Hash

89a2840e72b9ea060982f79dd7c1ac1cc747617f2bd9790b79ac09497d97fe8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 13:54:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 9d1195da2196f119f0b70fe9bda25e10.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 371155
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56164
last-modified: Tue, 11 Jun 2024 13:53:21 GMT
etag: "e6623694317786c0abed295167d203ef"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: cpVoFH9lFcbRMdeLKWxArBjjJtTtJme6M_x3xakYqnAECS3yyeM-RQ==

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 288 B
497 B 114ms
113ms Fetch
application/json 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by: Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: d214fb391d923c4bca3241b584153c449b7eace8e9359a58724591c949be2b09

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
x-lib-version: v1.0.1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
authorization: Bearer c1d320b4976cc13366759531bf948c3a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: application/json
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
x-referring-url: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:02 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
allowedmethods: GET,OPTIONS
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 196
expires: -1

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 423ms
128ms Preflight
text/plain 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method: GET
Origin: https://www.propublica.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin: https://www.propublica.org
access-control-max-age: 1800
allow: HEAD,GET,OPTIONS
content-length: 18
content-type: text/plain
date: Sat, 15 Jun 2024 21:00:02 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 96 KB
30 KB 99ms
62ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: htlbid.com
URL: https://htlbid.com/v3/propublica.org/htlbid.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

f808efb0008c330b54657e52c9a9a23470ec17460fc5aadc59ad1f9e26988030

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30887
x-xss-protection: 0
server: cafe
etag: 549 / 19889 / m202406110101 / config-hash: 2657906958883330822
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 15 Jun 2024 21:00:01 GMT

GET
H2 200 30787d05-7895-471e-9cdf-d931d7b5ea5d Show response
config.aps.amazon-adsystem.com/configs/ 563 B
829 B 89ms
37ms Script
application/javascript 18.238.243.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/30787d05-7895-471e-9cdf-d931d7b5ea5d
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/propublica.org/htlbid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.243.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-243-129.ams58.r.cloudfront.net
Software: CloudFront /
Resource Hash: d960ec924eb69e567c94f9ba13ed16056553c7ae133c0c489a5805307e04e3d0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 20:12:56 GMT
via: 1.1 e3d9ae12f22103dbc65c451ae520a012.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS58-P1
age: 2825
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 563
x-amz-cf-id: 3birc0IVSAV6vseuPkOvmsZsfPFyUi1AxLuVpubqh49cZmMkpHzhyw==

GET
H2 200 publisher.js Show response
client.aps.amazon-adsystem.com/ 281 KB
65 KB 139ms
53ms Script
application/javascript 18.239.18.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client.aps.amazon-adsystem.com/publisher.js
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/propublica.org/htlbid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.18.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-18-118.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6201ebf345c6401919f56553dec235a998934d81856df98961c98b6af5a10a5f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 20:59:03 GMT
content-encoding: br
via: 1.1 2fb699a7d2ee3ddd9b1caad139f90e76.cloudfront.net (CloudFront)
last-modified: Tue, 11 Jun 2024 21:55:29 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P6
age: 59
x-amz-server-side-encryption: AES256
etag: W/"e164ed9a42ac69203b95d19e19d5f0b6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: zIR7nQ-L5JKhGjsG5gdULnr6v_YYSkxQ1b6BG4WUD2RgAgl4Fkjgvg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 313 KB
105 KB 68ms
68ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K9RW8M6GL5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K8BNLGX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3cd3f91de898354a0567c5a23f86fa05bbbfa94c3327299b64e31eea1fab8146

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 106911
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 15 Jun 2024 21:00:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 73ms
34ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K8BNLGX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 15 Jun 2024 20:29:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1853
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 15 Jun 2024 22:29:08 GMT

GET
H3 200 ta.js Show response
static.trueanthem.com/scripts/ 731 B
1 KB 100ms
70ms Script
text/javascript 172.67.72.135
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.trueanthem.com/scripts/ta.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K8BNLGX

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.72.135 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89bd39b2a848d8ef9910066b7c39e9742cc47bd2cf700c273e026c3f60d213d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 531
x-guploader-uploadid: ABPtcPpItgc2I0DsJO_7GYE6oUn-6YlLfjLFNN00iaFhkSf3B80tsH9uk6_A4DMuH5tJi3FTgKRkziQYFw
x-goog-storage-class: STANDARD
content-encoding: br
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 04:25:23 GMT
server: cloudflare
etag: W/"2d510096ac78a0ff3a40edae5d9c0c92"
vary: Origin, Accept-Encoding
x-goog-hash: crc32c=cFyq6Q==, md5=LVEAlqx4oP86QO2uXZwMkg==
x-goog-generation: 1680495923461532
content-type: text/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmKzfiq%2BXyQ0cJst9793Z6FpuMHSEMh6yESduLwUBCcbcyNALdz98CjWphyOw44mYSWZgPJWXphPZeqJnqPoy%2BpUZhFERPeRn%2B%2BmQLw%2F%2BY1cTfd5XCWNtRG1uOjEOt%2BwwXBj0ciW6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=86400
x-goog-stored-content-length: 731
cf-ray: 89457cbfd93818d8-FRA
expires: Sat, 15 Jun 2024 21:29:11 GMT

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 2549 0
0 177ms
100ms Document
text/html 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdI1rAUAAAAACI0GsFv-yRpC0tPF5ECiIMDUz2x&co=aHR0cHM6Ly93d3cucHJvcHVibGljYS5vcmc6NDQz&hl=de&v=TqxSU0dsOd2Q9IbI7CpFnJLD&size=invisible&cb=luvfl5viaq5j

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vfO1eKGsARkijxthR-0jvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-vfO1eKGsARkijxthR-0jvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jun 2024 21:00:02 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 204 3261149 Show response
vc.hotjar.io/sessions/ 0
233 B 206ms
50ms XHR
text/plain 54.230.228.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/3261149?s=0.25&r=0.029637985745629924
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.db8890ba82a7e392473f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.228.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-228-24.muc50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 15 Jun 2024 21:00:02 GMT
cache-control: no-store
via: 1.1 b87d7a7588235c761c8602f922d332f4.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P5
x-amz-cf-id: Q0SHqhW8NQLLzFrIvzhAoyMC-sXZkz9BVGh7tLkI6nVJWQmUod1qjw==
x-cache: Miss from cloudfront

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 53ms
53ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=566005988&t=pageview&_s=1&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fmicrosoft-solarwinds-golden-saml-data-breach-russian-hackers&ul=de-de&de=UTF-8&dt=Microsoft%20Refused%20to%20Fix%20Flaw%20Years%20Before%20SolarWinds%20Hack%20%E2%80%94%20ProPublica&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=476953740&gjid=1082379514&cid=598116592.1718485202&tid=UA-3742720-1&_gid=1883400721.1718485202&_r=1&_slc=1&gtm=45He46c0n81K8BNLGXv9102051180za200&cd1=Item&cd2=&cd3=Renee%20Dudley%2CDoris%20Burke&cd4=&cd5=June%2013%2C%202024%2005%3A00%3A00&cd6=National&cd7=Technology&cd8=Microsoft%20Chose%20Profit%20Over%20Security%20and%20Left%20U.S.%20Government%20Vulnerable%20to%20Russian%20Hack%2C%20Whistleblower%20Says&cd9=&cd10=&cd11=2362993&cd12=&cd13=V5&cd14=&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&npa=1&z=1690033765

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.propublica.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/ 463 KB
144 KB 47ms
47ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

b2f25671517f19b9c477ca58527ed79a2f3902d04de4d0032c91caede08c885f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 20:58:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 88
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 147307
x-xss-protection: 0
server: cafe
etag: 17342946017096099043
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 15 Jun 2025 20:58:33 GMT

GET
H3 200 ta.c34341.js Show response
static.trueanthem.com/scripts/ 27 KB
11 KB 117ms
117ms Script
text/javascript 172.67.72.135
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.trueanthem.com/scripts/ta.c34341.js

Requested by

Host: static.trueanthem.com
URL: https://static.trueanthem.com/scripts/ta.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.72.135 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

469c3c3ebe581ecb1a3c893d20b642bbc014912693d13cc2bfd54de246e12c1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 289
x-guploader-uploadid: ABPtcPoS1J3q10pz_lYMntsdjV9tnAU1qUWsUBXlJXFCirUN1hUsu1kyF_wTSn_3HIfzs0E77jo
x-goog-storage-class: STANDARD
content-encoding: br
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 04:25:20 GMT
server: cloudflare
etag: W/"28b2dbdb03f096998a381f6126ddac4c"
vary: Origin, Accept-Encoding
x-goog-hash: crc32c=rvRlhw==, md5=KLLb2wPwlpmKOB9hJt2sTA==
x-goog-generation: 1680495920536276
content-type: text/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdCSnLbG5PTGnuq1yuWkvc4E8Q6iyyIbk4EFzdrPhak09vQoF%2FZzmAQaMLzprXv%2F4IoeHZiHhjA0Z7eBubnDTmHO5hnoN4TVuzE9PBhttfhPs98J65KXFZBQxLImdbPERuVlq0%2FFBg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=86400
x-goog-stored-content-length: 27234
cf-ray: 89457cc05a1918d8-FRA
expires: Sat, 15 Jun 2024 21:37:35 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 142ms
22ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-K9RW8M6GL5&gtm=45je46c0v874879369z89102051180za200zb9102051180&_p=1718485201615&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=598116592.1718485202&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1718485202&sct=1&seg=0&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fmicrosoft-solarwinds-golden-saml-data-breach-russian-hackers&dt=Microsoft%20Refused%20to%20Fix%20Flaw%20Years%20Before%20SolarWinds%20Hack%20%E2%80%94%20ProPublica&en=page_view&_fv=1&_ss=1&ep.contentType=Item&ep.authorName=Renee%20Dudley%2CDoris%20Burke&ep.seriesName=&ep.publicationDate=June%2013%2C%202024%2005%3A00%3A00&ep.contentRegion=National&ep.articleTopic=Technology&ep.articleTitle=Microsoft%20Chose%20Profit%20Over%20Security%20and%20Left%20U.S.%20Government%20Vulnerable%20to%20Russian%20Hack%2C%20Whistleblower%20Says&ep.contentLanguage=en&ep.craftId=2362993&ep.articleVersion=V5&ep.contentLocation=&ep.storyType=enterprise&ep.impact=false&ep.pageType=&tfd=1344&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9RW8M6GL5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.propublica.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 167ms
39ms Ping
text/plain 2a00:1450:400c:c0d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K9RW8M6GL5&cid=598116592.1718485202&gtm=45je46c0v874879369z89102051180za200zb9102051180&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9RW8M6GL5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.propublica.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 139ms
52ms Image
image/gif 142.251.209.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K9RW8M6GL5&cid=598116592.1718485202&gtm=45je46c0v874879369z89102051180za200zb9102051180&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1408461752

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.209.131 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ham11s07-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
351 B 159ms
36ms XHR
text/plain 2a00:1450:400c:c0d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-3742720-1&cid=598116592.1718485202&jid=476953740&gjid=1082379514&_gid=1883400721.1718485202&npa=1&_u=YEBAAEAAAAAAACAAI~&z=1757589096

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 15 Jun 2024 21:00:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.propublica.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 125ms
29ms XHR
application/javascript 18.239.70.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: client.aps.amazon-adsystem.com
URL: https://client.aps.amazon-adsystem.com/publisher.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.70.203 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-70-203.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
content-encoding: gzip
via: 1.1 d0ade5b002ae847eefd25c219f24b24c.cloudfront.net (CloudFront)
date: Sat, 15 Jun 2024 06:45:55 GMT
x-amz-cf-pop: AMS58-P4
age: 54057
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 29 Feb 2024 02:13:08 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: sU9JfsBVRqPmjHUeCs-WX5nfS2BHrVKdAR7eRRjQBPUe5lZB4AYy0Q==

POST
H3 400 beacon
b.trueanthem.com/ 19 B
0 207ms
158ms Fetch
text/plain 172.67.72.135
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://b.trueanthem.com/beacon

Requested by

Host: static.trueanthem.com
URL: https://static.trueanthem.com/scripts/ta.c34341.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.72.135 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
surrogate-control: no-store
alt-svc: h3=":443"; ma=86400
content-length: 19
pragma: no-cache
server: cloudflare
access-control-max-age: 86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8X0P0%2FQ7C2VIk%2FGRFxrmmvhnAeNZC6BDWEwA84lhreXQ%2BZpryGFZl08scHjLLQhXgwOmhXenQiVtJC0mW0VMFFTZEA9wtmHyMXZ2cHIO3zCwPfjq8pL1mshx9hOvQh%2ByoXY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-ray: 89457cc16cd9699b-FRA
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 54ms
53ms Image
image/gif 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-3742720-1&cid=598116592.1718485202&jid=476953740&npa=1&_u=YEBAAEAAAAAAACAAI~&z=372320125

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 61ms
60ms Image
image/gif 142.251.209.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-3742720-1&cid=598116592.1718485202&jid=476953740&npa=1&_u=YEBAAEAAAAAAACAAI~&z=372320125

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.209.131 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ham11s07-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 modal-default.json Show response
www.propublica.org//api_components/ 229 B
622 B 202ms
201ms Fetch
application/json 104.16.251.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.propublica.org//api_components/modal-default.json

Requested by

Host: assets.propublica.org
URL: https://assets.propublica.org/static/prod/v5/js/main.2c37ba76.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.251.51 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35c01498a3be0793785dad3d1b5b7a1b64ba285c338bac59c17bae859e564492

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-debug: Cached
x-origin: v3-www.propublica.org
server: cloudflare
content-encoding: br
vary: Accept-Encoding
onion-location: http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/api_components/modal-default.json
content-type: application/json; charset=UTF-8
x-author: queue-worker
cf-ray: 89457cc2cd409073-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 397 B
937 B 87ms
33ms Script
application/javascript 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/loader.js

Requested by

Host: www.propublica.org
URL: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

558e4401d2a0f2ffb405445ea1a6735ad0ef0cfe565bb40fdce690a279f125dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
x-amz-version-id: 6lO8NjsbLcTUW7NJv6gdlhfGQiWe5rL8
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: AWFC2HF5Y2SH803V
age: 318
x-amz-server-side-encryption: AES256
x-amz-id-2: h60CLtAZVzQMXHihqYC4SorRj9WbiJtKelqH19r8IuAAC6hstrglIUC0nRxOVRtJC/w4izsssEs=
last-modified: Thu, 13 Jun 2024 15:16:52 GMT
server: cloudflare
etag: W/"9a222997e7138e9862bbf2f28fb2a325"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vWBnVI8niEixSbsQL%2F%2BW1kRZJr5evzB66DYA9IvxcURGKMpGtW5XgTW9zuaVyELN76Z2FWm4n1i34%2FKMJkogm%2Fpi1xFZrBwiei2L5zCph1NmB0W7WkE8LDbXeVg6CmWEEGP%2Fpw5GjsFumYsIkHjPLXASvGw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 89457cc31bcc65ab-FRA

GET
H3 200 icon.min.svg
assets.propublica.org/static/prod/v5/images/ 760 B
905 B 187ms
187ms Other
image/svg+xml 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/images/icon.min.svg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38612cda05ab573cee15c92de7d79ba05e20826b5556105bbe2bae7115336249

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jun 2024 14:15:15 GMT
server: cloudflare
x-amz-request-id: 4TJ0T40CT4Y9EDSN
etag: W/"0e3cc0ffcf4d11a7c12de2484b21cae8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 89457cc2db15926d-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2X07sN7TmDMKrE6+d9Mg0AYiYmInU5m4IZ8j6CUcR+iX47yxdIhJ/BUpAt34jyWMkn250INu3Yo=
expires: Sun, 16 Jun 2024 21:00:02 GMT

GET
H2 200 match-prod-b88d789f77e4afe4162d.js Show response
platform.iteratehq.com/ 75 KB
26 KB 51ms
51ms Script
application/javascript 2606:4700:20::681a:7e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/match-prod-b88d789f77e4afe4162d.js

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e04400f33c6e8aa596439c0df513835de6f23af529b94f0c4ed77518c33b1050

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
x-amz-version-id: wFFRke_wW2lBtqnNw4Xbv6kW6FER0sF5
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: AWF6RE1J1FW183H1
age: 193356
x-amz-server-side-encryption: AES256
x-amz-id-2: PpxzoiS0nCNwZx4ps6R5g5h4ugxR5FCGLzi7Yg8guYQK9OwuSIyCgRzQtz9z1a0CETKqq8229UtVLSHnuDklGnTjaWJEdRqt
last-modified: Thu, 13 Jun 2024 15:16:51 GMT
server: cloudflare
etag: W/"957affa908960170127aac33c0811940"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npXxx2zCCHZnqnMlAmDYLMlfeocFQjbT4TGZ0AaOaLKgcQiFRr6iu7rC%2FfBhBoEKCVDr%2BXPkwurL79ThtOq6WTPa7%2Ba6DJEafc2AQBCPHNLAi6qU7pvDeCufTKrThxcUIuGj9iTqcWTLiC5GERmWpAkXPJ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 89457cc35c4865ab-FRA

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 196ms
139ms Preflight
text/plain 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.propublica.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 89457cc41d3d9b94-FRA
content-length: 0
content-type: text/plain; charset=utf-8
date: Sat, 15 Jun 2024 21:00:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7i%2FZTe9lb2ewEM1Sm%2FslNEwAOLjscqSxfAkhQ6Wp7zj6g9qu1qKe5uZ1Latptg6KkYfrdkG3isTTksvk3S0m7LY2UedTxCAAA40P7XLbVggEsu1F0kRdJEUwPwNDs7SjQl6nTDqALxacK90%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 301 B
580 B 133ms
133ms Fetch
application/json 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-b88d789f77e4afe4162d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4022817bd1b3ca241214e1e6b5be1791701cfdabff5c1226c78a7dd43e8a69f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNjJmM2M2ZGNjYmVhNDQwMDAxNDZmMjRjIiwiaWF0IjoxNjYwMTQzMzI1fQ.HJYYZWnRLo7nKQHPteT9eeNeXePWXpYAyhaNyFAES-Y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=99JWvs47dSM1oWMAO%2FyjqwjzpjkEmUchuU%2F46P06KhyiCroKFExhsODHT3YrSDMMLju%2FtXUw%2BFLQ%2Bctswro2QJGWzr1wP8ie0UAs2ZtrDbLQmaPkP51k9E3nep0BdcxXB%2FyY%2BWzy6YxQrDE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 89457cc4fe6e9b94-FRA

GET
H3 200 favicon.ico
assets.propublica.org/static/prod/v5/images/ 25 KB
9 KB 180ms
180ms Other
image/x-icon 104.16.252.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.propublica.org/static/prod/v5/images/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.252.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8796e78a474cc95aff438ec3edbd53b8f73f2070908071d0bf3ff52dfad467e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jun 2024 14:15:15 GMT
server: cloudflare
x-amz-request-id: HXAMCR191TM3BGCY
etag: W/"7618a5468d045023863395f178884d55"
vary: Accept-Encoding
content-type: image/x-icon
cache-control: public, max-age=86400
cf-ray: 89457cc41ce4926d-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: KudiW62/a9si+AW9GBI7nwl82m4YuZ0P2vGpfeLzdx6ED+4YD5VLrMVGH007kdabZ4nS3hyvNeE=
expires: Sun, 16 Jun 2024 21:00:02 GMT

GET
H/1.1 200
OK 1x1-pixel.png
ams-pageview-public.s3.amazonaws.com/ 68 B
448 B 366ms
112ms Image
image/png 16.182.32.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ams-pageview-public.s3.amazonaws.com/1x1-pixel.png?id=dd5659ffad64
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 16.182.32.225 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 15 Jun 2024 21:00:04 GMT
Last-Modified: Mon, 26 Oct 2020 16:52:19 GMT
Server: AmazonS3
x-amz-request-id: 8J5D7471KAB6ZDQ3
ETag: "91e42db1c66c0b276abf6234dc50b2eb"
Content-Type: image/png
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 68
x-amz-id-2: 6tHJ+Qm8OOdQMzXFwPXeeqozQzJlC/GbkZ5NSm+4wp2fN6PNKbiC8Mc4JLLQiPUSTI3BUWFjT2Y=

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 52 B
369 B 130ms
130ms Fetch
application/json 2606:4700:20::ac43:479c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-b88d789f77e4afe4162d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0d9062ba9629450ab6f4e3decca65b9614585ae62d41e284fdb6b26b03c0e3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NjZlMDBkMmU4MmQzMDAwMDE4ZDc4ODAiLCJjb21wYW55X2lkIjoiNjJmM2M2ZGNjYmVhNDQwMDAxNDZmMjRjIiwiaWF0IjoxNzE4NDg1MjAyfQ.nv4jf_AvnJmPS744Tqp2Q3wfXPwTCyJVNTUR2n6cLfE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 21:00:03 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nx6JWVIzuHQUrAt1SgMJK3q%2BRLA6CPao6Bz4zjgu0%2FkHAIj4KoSu6uQs621DyEoMy8DI47vczsDZvLZD4Wdb59e4Wyy3J8tW39GtdzC9b7o5%2BIatKe0NzjB5Qf6S1RYPYvdxtQ2AxmmSR7E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 89457cc6e97b9b94-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 19ms
18ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-K9RW8M6GL5&gtm=45je46c0v874879369z89102051180za200zb9102051180&_p=1718485201615&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=598116592.1718485202&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sid=1718485202&sct=1&seg=0&dl=https%3A%2F%2Fwww.propublica.org%2Farticle%2Fmicrosoft-solarwinds-golden-saml-data-breach-russian-hackers&dt=Microsoft%20Refused%20to%20Fix%20Flaw%20Years%20Before%20SolarWinds%20Hack%20%E2%80%94%20ProPublica&_s=2&tfd=6346&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9RW8M6GL5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 15 Jun 2024 21:00:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.propublica.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 01:40:37	Name: _GRECAPTCHA Value: 09AMFr3irisbOcSZgCizh4Sw7Dbxb-8x4ndin19VOIPAhC3qFzC5yr3WjBUqrxwbgK01FiQ38kn15WMbnNyxdtsPk
.propublica.org/	1970-01-21 01:44:13	Name: _conv_v Value: vi%3A1sc%3A1cs%3A1718485202fs%3A1718485202pv%3A1
.propublica.org/	1970-01-20 21:21:26	Name: _conv_s Value: si%3A1sh%3A1718485201628-0.13552373381716243pv%3A1
.propublica.org/	1970-01-21 00:14:13	Name: ppfun Value: 0\|1\|0\|13sk6zw\|55nl\|0=1
.propublica.org/	1970-01-20 21:21:27	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers%22%2C%22sref%22:%22%22%2C%22sts%22:1718485201731%2C%22slts%22:0}
.propublica.org/	1970-01-21 06:50:49	Name: _parsely_visitor Value: {%22id%22:%22pid=c71cc1ae-676c-474b-a76c-6ed0ec515522%22%2C%22session_count%22:1%2C%22last_session_ts%22:1718485201731}
www.propublica.org/	1970-01-20 21:21:27	Name: sailthru_pageviews Value: 1
.propublica.org/	1970-01-21 06:07:01	Name: _hjSessionUser_3261149 Value: eyJpZCI6IjhjNTI0MjQ2LTE4MTUtNWI4Yy1iZDk1LTViMjAyN2U5YjBiMiIsImNyZWF0ZWQiOjE3MTg0ODUyMDE5MzUsImV4aXN0aW5nIjp0cnVlfQ==
.propublica.org/	1970-01-20 21:21:27	Name: _hjSession_3261149 Value: eyJpZCI6IjQ5YmMzOTVkLTNhNWItNDJjZS04YTMyLWYyYmZlN2Q0OWZlMSIsImMiOjE3MTg0ODUyMDE5MzUsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.propublica.org/	1970-01-20 21:22:51	Name: _gid Value: GA1.2.1883400721.1718485202
.propublica.org/	1970-01-20 21:21:25	Name: _gat_UA-3742720-1 Value: 1
.propublica.org/	1970-01-21 06:57:25	Name: _ga Value: GA1.1.598116592.1718485202
www.propublica.org/	1970-01-21 06:07:01	Name: sailthru_content Value: 7b7ab64000f976aea7e70585d7234721
www.propublica.org/	1970-01-21 06:07:01	Name: sailthru_visitor Value: a35c91c5-d9e0-4225-9bf6-08815266ef28
.propublica.org/	1969-12-31 23:59:59	Name: _cfuvid Value: Y_eLDFJl6dKllSUwT5u3nuVwUsq9kLp8REsLREbDlds-1718485202552-0.0.1.1-604800000
.propublica.org/	1969-12-31 23:59:59	Name: pp_cta_last_viewed Value: 1718485202570
.propublica.org/	1970-01-21 06:57:25	Name: _ga_K9RW8M6GL5 Value: GS1.1.1718485202.1.0.1718485202.60.0.0
.propublica.org/	1970-01-21 06:57:25	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NjZlMDBkMmU4MmQzMDAwMDE4ZDc4ODAiLCJjb21wYW55X2lkIjoiNjJmM2M2ZGNjYmVhNDQwMDAxNDZmMjRjIiwiaWF0IjoxNzE4NDg1MjAyfQ.nv4jf_AvnJmPS744Tqp2Q3wfXPwTCyJVNTUR2n6cLfE

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://b.trueanthem.com/beacon Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak.sail-horizon.com
ams-pageview-public.s3.amazonaws.com
api.sail-personalize.com
assets.propublica.org
b.trueanthem.com
c.amazon-adsystem.com
cdn-4.convertexperiments.com
cdn.parsely.com
client.aps.amazon-adsystem.com
config.aps.amazon-adsystem.com
htlbid.com
img.assets-d.propublica.org
iteratehq.com
p1.parsely.com
platform.iteratehq.com
region1.analytics.google.com
script.hotjar.com
securepubads.g.doubleclick.net
static.hotjar.com
static.propublica.org
static.trueanthem.com
stats.g.doubleclick.net
vc.hotjar.io
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.propublica.org
104.16.251.51
104.16.252.51
142.250.181.226
142.251.209.131
16.182.32.225
172.217.18.4
172.67.72.135
18.164.52.121
18.173.155.56
18.173.187.80
18.238.243.129
18.239.18.118
18.239.70.203
18.239.94.85
2001:4860:4802:34::36
2606:4700:20::681a:7e5
2606:4700:20::ac43:479c
2606:4700::6810:fb33
2606:4700::6810:fc33
2a00:1450:4001:800::2003
2a00:1450:4001:80e::2008
2a00:1450:4001:831::200e
2a00:1450:400c:c0d::9b
2a02:26f0:ab00:39e::14a9
52.17.99.225
54.230.228.115
54.230.228.24
75.2.40.13
00ae2a479a40471a2ee0aafc4e7dafba5123f2b219d91563d52b56853a3bea13
053a9b913df62d6f62e05479e93d679953d2cf19de25301648d4701d838f7e17
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
235e09faf6bd00c79ebcce860fca8bf7cadf5d74e261f816d712213bffcaefea
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2d37fa0a940ef2f88de528f4a504ad94c6567b3a45a46231cd9656e6b98b1bba
304a596bb9715360b71c3002d94553e04943f56dffbbefcf5c3ce3efc60db4a5
32dc8e5b62c5072ca082fa0825e8c4817e38eb60435f8bf4c54ac7bf5ce3801c
35c01498a3be0793785dad3d1b5b7a1b64ba285c338bac59c17bae859e564492
38612cda05ab573cee15c92de7d79ba05e20826b5556105bbe2bae7115336249
3cd3f91de898354a0567c5a23f86fa05bbbfa94c3327299b64e31eea1fab8146
4022817bd1b3ca241214e1e6b5be1791701cfdabff5c1226c78a7dd43e8a69f9
469c3c3ebe581ecb1a3c893d20b642bbc014912693d13cc2bfd54de246e12c1d
5251b32998770dc4eb0f8619f8ee3ce8180f29c7eab4a960abac13d11c8953cc
558e4401d2a0f2ffb405445ea1a6735ad0ef0cfe565bb40fdce690a279f125dc
5d88b11581cbcd64e763300d8338a8af23092f68e9e0b5d2a43970c79353beb8
5ec536d91535572eebd0e475256a3ef52b17500a83fe5e5ee6865758ea57dbc3
5ef0d3a2ba9b940ee53a1955cfe0de04a98c87831f9d4cb67a22215609a0e88a
5f75efe09e9a15de6732fbf32bb96bd5d570689576f84be9763fe6147f3f405c
60583255c16aa2f8c3c4a9dc5956f56c3df772aa801046bacc420b4a13d94e8a
6201ebf345c6401919f56553dec235a998934d81856df98961c98b6af5a10a5f
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6407c87204c820e7f94f1e129190e3f3589f59c4768cc97c3a76d43075d8f2fa
7a92eee0db3cb15abcd573879561749c8fc4115811eadd1b988dbaf187f75634
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
890a308f110701f892cbb8d923d529a06c44e5bbeafa6b92df2fae66f3706bd1
8989c627968d589e565262b2ce0406bf93726469ee30fef279c33cc5755db7ce
89a2840e72b9ea060982f79dd7c1ac1cc747617f2bd9790b79ac09497d97fe8f
89bd39b2a848d8ef9910066b7c39e9742cc47bd2cf700c273e026c3f60d213d2
91b5da489ea202e119ea66df5393476ffc8a42314a57f4f8719ed547bdebdb19
9a2ea3c7c2fe0f7e9782221b00e2c6f56086a661887cc51c36dc66bc590b804a
9ce372d43a91580bdc4185d48a02bef4b7954c49e721e181fa02b656eaa61213
9d0e4f449b610645f1a4eb073b77e740bd31f8f43dae9b9e9f9ea91ac3a652d6
9fc436708172513c9cea402f9697fc8263738047e54bf6ccea7832dbdf4e017c
a62e69a28b9ad8b51c67626ace88ae2b3848fc08986e45717acf6f7245991bcf
a62ee001f1b8313b0030ddf9c3a30c789075a2a4a9065557ab76c46d088bbe0f
a8796e78a474cc95aff438ec3edbd53b8f73f2070908071d0bf3ff52dfad467e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0d9062ba9629450ab6f4e3decca65b9614585ae62d41e284fdb6b26b03c0e3b
b2f25671517f19b9c477ca58527ed79a2f3902d04de4d0032c91caede08c885f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d214fb391d923c4bca3241b584153c449b7eace8e9359a58724591c949be2b09
d3884bc713cb5a627601c698c23e35773a26df0834336c1ec44dc99850405bda
d4ce98fa4353e64588aad264956ad0f88cb480c19f3a85a89028c8b51ef8082e
d865eecf3e86c11ab224434aecb84384c87cd8e52f5f0d5fb2f9b5291eab8578
d960ec924eb69e567c94f9ba13ed16056553c7ae133c0c489a5805307e04e3d0
dbfe02f7b4e6a9f774d6319770c818b90edc9484a11df766aef0122a7bc81df9
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e04400f33c6e8aa596439c0df513835de6f23af529b94f0c4ed77518c33b1050
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f35e78222f56db6a988483a77fbcaa4f9b68215b3cda625eedba5f0584b89436
f808efb0008c330b54657e52c9a9a23470ec17460fc5aadc59ad1f9e26988030

www.propublica.org Open in urlscan Pro 2606:4700::6810:fb33 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

60 Requests

100 %HTTPS

36 %IPv6

18 Domains

29 Subdomains

29 IPs

5 Countries

2585 kBTransfer

5330 kBSize

18 Cookies

52 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.propublica.org Open in urlscan Pro
2606:4700::6810:fb33 Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

100 %
HTTPS

36 %
IPv6

18
Domains

29
Subdomains

29
IPs

5
Countries

2585 kB
Transfer

5330 kB
Size

18
Cookies

60 HTTP transactions
2 data transactions