www.huntress.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Submission: On September 18 via api (September 18th 2023, 3:17:20 pm UTC) from DE — Scanned from DE

Summary HTTP 208 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 63 IPs in 3 countries across 46 domains to perform 208 HTTP transactions. The main IP is 2606:2c40::c73c:67e4, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 444204.
TLS certificate: Issued by E1 on August 31st 2023. Valid for: 3 months.

This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
3	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:6ed1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.215.20.4 23.215.20.4	16625 (AKAMAI-AS) (AKAMAI-AS)
11	2a04:4e42:400... 2a04:4e42:400::644	54113 (FASTLY) (FASTLY)
6	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:e05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700::68... 2606:4700::6811:4341	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.244.28.107 18.244.28.107	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.159.227.151 34.159.227.151	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:261... 2600:9000:2611:cc00:9:d7d4:1380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:880f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:90e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
4	18.193.29.230 18.193.29.230	16509 (AMAZON-02) (AMAZON-02)
10	2.17.100.184 2.17.100.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	54.144.37.180 54.144.37.180	14618 (AMAZON-AES) (AMAZON-AES)
1	18.66.97.53 18.66.97.53	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:4dba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e6a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:5a9a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7a0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.146.203.247 54.146.203.247	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
6	2606:4700::68... 2606:4700::6812:a07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:21f... 2600:9000:21f3:ba00:1e:c86:4140:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.227.219.28 13.227.219.28	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:20e... 2600:9000:20eb:9000:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6812:c07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
2	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	18.239.36.120 18.239.36.120	16509 (AMAZON-02) (AMAZON-02)
1	63.32.22.194 63.32.22.194	16509 (AMAZON-02) (AMAZON-02)
1	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:280... 2a02:26f0:280:4::213:7861	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	20.122.63.128 20.122.63.128	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
40	13.32.110.80 13.32.110.80	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:236... 2600:9000:236e:9200:3:471f:5240:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.137.44.115 216.137.44.115	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:21f... 2600:9000:21f3:f000:1e:c86:4140:93a1	16509 (AMAZON-02) (AMAZON-02)
7	3.94.218.138 3.94.218.138	14618 (AMAZON-AES) (AMAZON-AES)
208	63

32 2606:2c40::c73c:67e4 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.huntress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:6ed1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.215.20.4 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-215-20-4.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a04:4e42:400::644 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:e05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:4341 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.28.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-28-107.cdg52.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

3911692.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.159.227.151 (Frankfurt am Main, Germany)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 151.227.159.34.bc.googleusercontent.com

webhooks.fivetran.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2611:cc00:9:d7d4:1380:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:880f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:90e1 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.193.29.230 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-29-230.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.184 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-184.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.144.37.180 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-37-180.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-53.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4dba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e6a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:5a9a (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7a0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.146.203.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-203-247.compute-1.amazonaws.com

bidagent.xad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:a07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:ba00:1e:c86:4140:93a1 (United States)

ASN16509 (AMAZON-02, US)

embed-ssl.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-28.ams54.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:9000:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:c07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.36.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-36-120.ams58.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.22.194 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-22-194.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.211.84 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:280:4::213:7861 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.122.63.128 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

p.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 13.32.110.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-80.vie50.r.cloudfront.net

rc-widget-frame.js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:236e:9200:3:471f:5240:93a1 (United States)

ASN16509 (AMAZON-02, US)

pipedream.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.137.44.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-216-137-44-115.lhr61.r.cloudfront.net

distillery.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:f000:1e:c86:4140:93a1 (United States)

ASN16509 (AMAZON-02, US)

embed-cloudfront.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.94.218.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-218-138.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
customer.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	driftt.com js.driftt.com — Cisco Umbrella Rank: 13932 rc-widget-frame.js.driftt.com — Cisco Umbrella Rank: 298847	471 KB
32	huntress.com www.huntress.com — Cisco Umbrella Rank: 444204	1 MB
18	wistia.com fast.wistia.com — Cisco Umbrella Rank: 9847 embed-ssl.wistia.com — Cisco Umbrella Rank: 17088 pipedream.wistia.com — Cisco Umbrella Rank: 14616 distillery.wistia.com — Cisco Umbrella Rank: 14876 embed-cloudfront.wistia.com	465 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 14010 c.6sc.co — Cisco Umbrella Rank: 19472 ipv6.6sc.co — Cisco Umbrella Rank: 14550 b.6sc.co — Cisco Umbrella Rank: 7792	20 KB
7	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 17567 customer.api.drift.com — Cisco Umbrella Rank: 21298 metrics.api.drift.com — Cisco Umbrella Rank: 17251 event.api.drift.com	5 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1290 p.clarity.ms — Cisco Umbrella Rank: 11015 c.clarity.ms — Cisco Umbrella Rank: 2092	28 KB
7	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 8688 forms-na1.hsforms.com — Cisco Umbrella Rank: 15083 perf.hsforms.com — Cisco Umbrella Rank: 28818	6 KB
6	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 25762 scout.salesloft.com — Cisco Umbrella Rank: 30841	7 KB
6	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 27294 app.hubspot.com — Cisco Umbrella Rank: 10205 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 12419 track.hubspot.com — Cisco Umbrella Rank: 4798	97 KB
6	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 7471 px.ads.linkedin.com — Cisco Umbrella Rank: 830 www.linkedin.com — Cisco Umbrella Rank: 951 px4.ads.linkedin.com — Cisco Umbrella Rank: 7048	165 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1600 analytics.twitter.com — Cisco Umbrella Rank: 1065 syndication.twitter.com — Cisco Umbrella Rank: 1900	133 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 4568	9 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 229	276 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 691 c.bing.com — Cisco Umbrella Rank: 481	16 KB
4	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1878 www.google-analytics.com — Cisco Umbrella Rank: 96	21 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 4608	16 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 43359 ibc-flow.techtarget.com — Cisco Umbrella Rank: 52165	2 KB
3	hubspotusercontent-na1.net 3911692.fs1.hubspotusercontent-na1.net	154 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	25 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	273 KB
2	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 3977 content.hotjar.io — Cisco Umbrella Rank: 8895	419 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	235 B
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 2079	732 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 9369 forms.hscollectedforms.net — Cisco Umbrella Rank: 9513	26 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1261 script.hotjar.com — Cisco Umbrella Rank: 1629	59 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1593	9 KB
2	fivetran.com webhooks.fivetran.com — Cisco Umbrella Rank: 45891	325 B
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5551	2 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 558	35 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 1243	35 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 806	573 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 2076	637 B
1	t.co t.co — Cisco Umbrella Rank: 707	377 B
1	xad.com bidagent.xad.com — Cisco Umbrella Rank: 19602	342 B
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 8779	86 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 6573	3 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 4629	22 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1759	8 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 21889	1 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 10820	2 KB
1	metadata.io cdn.metadata.io — Cisco Umbrella Rank: 64392	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1078	15 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 122	455 B
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 12088	6 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 4286	362 B
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 20014	2 KB
208	46

	Domain	Requested by
40	rc-widget-frame.js.driftt.com	js.driftt.com rc-widget-frame.js.driftt.com
32	www.huntress.com	www.huntress.com
11	fast.wistia.com	www.huntress.com fast.wistia.com
7	b.6sc.co	www.huntress.com
4	scout.salesloft.com	scout-cdn.salesloft.com
4	tags.srv.stackadapt.com	www.huntress.com tags.srv.stackadapt.com
4	connect.facebook.net	www.huntress.com connect.facebook.net
3	embed-cloudfront.wistia.com	fast.wistia.com
3	track.hubspot.com
3	p.clarity.ms	www.clarity.ms
3	perf.hsforms.com	www.huntress.com
3	px.ads.linkedin.com	3 redirects
3	forms.hsforms.com	www.huntress.com
3	js.hs-banner.com	www.huntress.com js.hs-banner.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.huntress.com
3	3911692.fs1.hubspotusercontent-na1.net	www.huntress.com
3	cdnjs.cloudflare.com	www.huntress.com
3	www.googletagmanager.com	www.huntress.com www.googletagmanager.com
2	event.api.drift.com	rc-widget-frame.js.driftt.com
2	customer.api.drift.com	rc-widget-frame.js.driftt.com
2	bootstrap.api.drift.com	rc-widget-frame.js.driftt.com
2	c.clarity.ms	1 redirects
2	pipedream.wistia.com	fast.wistia.com
2	www.facebook.com	www.huntress.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	cdn.linkedin.oribi.io	snap.licdn.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	platform.twitter.com	www.huntress.com platform.twitter.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.google-analytics.com	www.googletagmanager.com www.huntress.com
2	region1.google-analytics.com	www.googletagmanager.com
2	webhooks.fivetran.com	cdn.jsdelivr.net
2	scout-cdn.salesloft.com	www.huntress.com
2	dev.visualwebsiteoptimizer.com	www.huntress.com
2	cdn.jsdelivr.net	www.huntress.com
2	code.jquery.com	www.huntress.com
1	metrics.api.drift.com	rc-widget-frame.js.driftt.com
1	distillery.wistia.com	fast.wistia.com
1	c.bing.com	1 redirects
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	content.hotjar.io	script.hotjar.com
1	vc.hotjar.io	script.hotjar.com
1	syndication.twitter.com	platform.twitter.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	forms-na1.hsforms.com	www.huntress.com
1	px4.ads.linkedin.com	www.huntress.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	embed-ssl.wistia.com	www.huntress.com
1	alb.reddit.com	www.huntress.com
1	analytics.twitter.com	www.huntress.com
1	t.co	www.huntress.com
1	cta-service-cms2.hubspot.com	www.huntress.com
1	bidagent.xad.com	www.huntress.com
1	app.hubspot.com	www.huntress.com
1	js.hsleadflows.net	www.huntress.com
1	js.hscollectedforms.net	www.huntress.com
1	js.hsadspixel.net	www.huntress.com
1	js.hs-analytics.net	www.huntress.com
1	static.hotjar.com	www.huntress.com
1	www.redditstatic.com	www.huntress.com
1	tracking.g2crowd.com	www.huntress.com
1	trk.techtarget.com	www.huntress.com
1	ws.zoominfo.com	www.huntress.com
1	cdn.metadata.io	www.huntress.com
1	static.ads-twitter.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	js.driftt.com	www.huntress.com rc-widget-frame.js.driftt.com
1	static.hsappstatic.net	www.huntress.com
1	no-cache.hubspot.com	www.huntress.com
1	s7.addthis.com	www.huntress.com
1	cdn2.hubspot.net	www.huntress.com
1	platform.linkedin.com	www.huntress.com
208	76

This site contains links to these domains. Also see Links.

Domain
huntress.io
support.huntress.io
www.csoonline.com
twitter.com
github.com
www.youtube.com
www.scip.ch
lh4.googleusercontent.com
docs.microsoft.com
www.elastic.co
attack.mitre.org
linkedin.com
www.linkedin.com
www.facebook.com
www.bizratings.com

Subject Issuer	Validity	Valid
www.huntress.com E1	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-02` - `2024-08-02`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-18`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
webhooks.fivetran.com R3	`2023-08-01` - `2023-10-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
*.metadata.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-18` - `2024-01-07`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-06-27` - `2023-09-25`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
6sc.co R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
bidagent.xad.com Amazon RSA 2048 M01	`2023-05-03` - `2024-05-31`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-07-26` - `2023-10-24`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
*.wistia.com Amazon RSA 2048 M01	`2023-01-31` - `2024-02-29`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
*.drift.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
pipedream-production-cloudfront-app-cname.wistia.com Amazon RSA 2048 M03	`2023-09-11` - `2024-10-09`	a year	crt.sh
stats-tap-production-cloudfront-app-cname.wistia.com Amazon RSA 2048 M01	`2023-09-13` - `2024-10-11`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Frame ID: 9CE7EAF4B2A19C321AA9B6A585FF767B
Requests: 155 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com
Frame ID: F728D4CA85C9C801324960E5EED4A056
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 2FEC9211DD71BCC4469553209F1DE0E3
Requests: 1 HTTP requests in this frame

Frame: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Frame ID: 90386018923B68E32A18F40A1963705C
Requests: 46 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

208
Requests

98 %
HTTPS

60 %
IPv6

46
Domains

76
Subdomains

63
IPs

3
Countries

3685 kB
Transfer

9756 kB
Size

64
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://huntress.io/
Title: Partner Login Access Your Huntress Dashboard

Search URL Search Domain Scan URL

URL: https://support.huntress.io/
Title: Support Documentation Technical Product Support, FAQs & More

Search URL Search Domain Scan URL

URL: https://www.csoonline.com/article/3438824/how-to-detect-and-halt-credential-theft-via-windows-wdigest.html
Title: UseLogonCredential

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet
Title: Grzegorz Tworek's

Search URL Search Domain Scan URL

URL: https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
Title: NPPSPY

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=ggY3srD9dYs
Title: 1

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet/status/1465282548494487554?s=20&t=Hp4bI4d0cIuZGtl8Ulm0TQ
Title: 2

Search URL Search Domain Scan URL

URL: https://www.scip.ch/en/?labs.20220217
Title: have already written about this technique

Search URL Search Domain Scan URL

URL: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003/T1003.md#atomic-test-2---credential-dumping-with-nppspy
Title: Atomic Red’s

Search URL Search Domain Scan URL

URL: https://twitter.com/gleeda
Title: Jamie Levy

Search URL Search Domain Scan URL

URL: https://twitter.com/keydet89
Title: Harlan Carvey

Search URL Search Domain Scan URL

URL: https://twitter.com/davekleinatland
Title: Dave Kleinatland

Search URL Search Domain Scan URL

URL: https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy/Get-NetworkProviders.ps1
Title: provides this script

Search URL Search Domain Scan URL

URL: https://github.com/keydet89/RegRipper3.0
Title: RegRipper v3.0

Search URL Search Domain Scan URL

URL: https://lh4.googleusercontent.com/SHABn5qXm_ZcG9BfGpPgylNY5fAYgyr1mSQKuMA0WRhxdhRZFz4G3tY9CJtE9mVQa40NhB62KtjGMr-pfzXrHw_aL2iQL6dbHtX1hsQIz2C5JJJMBWUd89u6UuCgNimJaOK1j9t9c7oj_NLKa3zvyMw

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Title: Sysmon

Search URL Search Domain Scan URL

URL: https://www.elastic.co/guide/en/security/current/network-logon-provider-registry-modification.html
Title: Elastic has a rule query

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003/
Title: OS Credential Dumping - ATT&CK T1003

Search URL Search Domain Scan URL

URL: https://twitter.com/Purp1eW0lf
Title: @ me on Twitter

Search URL Search Domain Scan URL

URL: https://linkedin.com/in/drayagha

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntress-labs/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/huntresslabs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/huntresslabs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Huntress/featured
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.bizratings.com/Huntress-Labs-Incorporated
Title: BizRatings

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1695050233265%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fblog%252Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cookiesTest=true&liSync=true&e_ipv6=AQKKM8LSv8bNKAAAAYqo3foc31BesJASVvJkIYy8_aYIErHoVWWugrhSCt-9OALu_MksR9A

Request Chain 145

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=19F20FAD150D4844B5CF38AE7F3F35DA&RedC=c.clarity.ms&MXFR=1738D2C1C7266C8020A7C151C32662C6 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=19F20FAD150D4844B5CF38AE7F3F35DA&MUID=34D702ECD7896B6024D8117CD6256AF4

208 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy Show response
www.huntress.com/blog/ 160 KB
30 KB 652ms
394ms Document
text/html 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c3843f5ff1686c13c58f9ce11922ae422e2884eff7e01291b47da7522955de6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 808a8dec0df85caa-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 18 Sep 2023 15:17:12 GMT
edge-cache-tag: CT-72280604204,CT-74123672464,CT-81792409861,CT-99025478804,CG-39343107504,P-3911692,L-37647219354,L-38940492861,L-97832688913,CW-37647184945,CW-37647219358,CW-37648091485,CW-37648262592,CW-72308060713,CW-97827380338,E-37640723000,E-37647164007,E-37647184944,E-67886983812,MENU-38395296852,MENU-38397117900,PGS-ALL,SW-4,B-39343107504,GC-38395296829,GC-97827380396
etag: W/"460e5eda08f02550b8b240c6a6cb887b"
last-modified: Sun, 17 Sep 2023 09:09:22 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
permissions-policy: microphone=(), geolocation=(), camera=()
referrer-policy: strict-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91aF%2Fac%2B5A3n1xmZ8sDvpCK7%2FYnqlsrrF9RZ9QDnPd%2FwNKbMeQgH5ZToVgdjlL7OPEqRfjvAFIqcG64y77plsoLz9kEg5KEZuQWCgZEAaHlDRryc8EIqMxXE%2BfdJqz15RMgfcaw0CnElytMqgAM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 81792409861
x-hs-https-only: worker
x-hs-hub-id: 3911692
x-hs-prerendered: Sun, 17 Sep 2023 09:09:22 GMT

GET
H2 200 module_97827380338_POWER_Header_V2c.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1694782374906/ 9 KB
3 KB 87ms
85ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1694782374906/module_97827380338_POWER_Header_V2c.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9376df9b8822a7f057796704e3cb466577faa32f94b2460a2429944cc16c9489

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1844
x-amz-request-id: N1RS4JRTAN3W7AE0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"9e5756eb6d9de94905780a4ca74a859a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1694782374906
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xTH6e2aCzntO0qp1fZ_Uf0NPwvQMYCHV
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a429c7d6-488c-4819-88bb-3500f94c360f
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 214
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 4fPfqWllZYykNmKs8I3CFBx9Qg2SsF6Z9dm34zq379tyncJqrCZ7xwbX/ajtpdCcHql+OHtoA/s=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a429c7d6-488c-4819-88bb-3500f94c360f
last-modified: Fri, 15 Sep 2023 12:52:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNOWVdPmLSxtYRp0OGVJvzv03SbJkepsB1apLUoD%2BtX959wZgK5TgnOpwwIaJmjDn79%2BpL7UHBUn7gIrP9BuCr2LCxDZCkwyyxr8djJCQVKRQkIgfeVkAU6qwOfu4%2ByRVToSYJTwt6DRpkC7id8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-pfskq
access-control-allow-credentials: false
cf-ray: 808a8dee89885caa-FRA
x-amz-cf-id: fnqBqkZaMAy91PalEIOxfRgbJXj01DbVdTnl2GZ_MQnUMQh5pRJGTg==

GET
H2 200 module_37647219358_POWER_Blog_Post_Header.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/ 74 B
1 KB 91ms
89ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/module_37647219358_POWER_Blog_Post_Header.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: TXTWNYN5A2MAME0J
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"69dec35879b2f3061c26e9b58f93b109"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1639032908209
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 cbb1ad5df105c42cc24cca0b876989aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 49upZA48BAIxdOk80QHxcPVW7u781vZq
x-amz-cf-pop: IAD89-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 141
alt-svc: h3=":443"; ma=86400
x-amz-id-2: j6cke6u+K9ftBD4JgD9bS9gkFeHOn1zbDGu0kJtCVSBf4d7xoO7YASABCBoCFNWavrAQirEo0zw=
x-request-id: cceabd0a-98ae-49c5-8e64-6bd0900f8e07
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 09 Dec 2021 06:55:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NFmMPmGS4pmr9cKWQ%2FNNHVdUJgQ%2FDH2xrttWh0NTdD0ciMMO%2BckN%2FgNzw9reJ8C0mGdnV6JB22zT06HsUdgrhJOveVaxraQ3urES7oEZ3hLAfzBm12EG3TrjEyS2Vx7u7iF7OlV%2BAvN%2BVCTh2OQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials: false
cf-ray: 808a8dee998d5caa-FRA
x-amz-cf-id: op2DSjNCpKMKjsHNsZXnO4ifXPeB-SHjmSj-pw8pj4SJOM1qNQlY5Q==

GET
H2 200 module_37648262592_POWER_Blog_Post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897767095/ 3 KB
2 KB 86ms
84ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897767095/module_37648262592_POWER_Blog_Post.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

558979f57321b92691fa5d479ae380773ae5d9dffd5f8bcaddc4525ea361f0a9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: SRZYA51K2AWBZD9P
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"32d40d380ad9ef9fa7e8201229f3af48"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1684897767095
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f3546b6b501aaa8c1b4750231158188.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2N_OvH8qkRvBOxJfx8AC8YDbr.hUy2zf
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 148
alt-svc: h3=":443"; ma=86400
x-amz-id-2: b6z509ah5i55HvTFgy3BtgWvHAqfOSM6RBn0XXcGr6NSFx1sNbDrv+G5pbQsO7MnAbP9phga/Qk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a6b4ac2a-88fd-4d8f-aff2-8c3bfbeba0bd
last-modified: Wed, 24 May 2023 03:09:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YI3Nmf1BL1up2UCcitw98y4uxszXCUkk49ZaXLJGczHr5yX5r4rmJMZmbi52k97Y0hBVFB%2FUuCM%2Bv5mzwp7yB24sS%2BSCq4iYp1x1IvR%2BkkyAytno446l8TF40pfN1FLLgk6XuRivVzDts8Jg2JY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 808a8dee998f5caa-FRA
x-amz-cf-id: W-daEw5KzpnXYgLT9qKy-YECCMPkOM5ADQe_2i2_feBcMyP1EmyCLA==

GET
H2 200 module_72308060713_Blog_Related_post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943698/ 980 B
1 KB 125ms
123ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943698/module_72308060713_Blog_Related_post.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c52ffb59a6bf4ac549ed6da4dbe39a7661ff82147942ff109c2e72ae676b787c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 5SW032H00F8X0FPS
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"367408b281056af8212339a4673151f1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1669043943698
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 8beba0476250d2240f748269153a9f96.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PvcH1mnBAoQZmMyjaqQqh_SH9bmBXz5d
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 134
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Wfz5CxMqXRql/8hNJ0xyjGKO5Mv6k7sYdWK+9v+iyKoEnK0Ypn8jZW9vCGI49Ing318e63udkxY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 098a507c-8c4b-4966-b0d3-19cce37519be
last-modified: Mon, 21 Nov 2022 15:19:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IVQ998XuYg%2Fbr2UiMacfq%2BpSs1zrUnlq80B3taZ0CMN3rA0mkGKLid%2F%2Fhs2hdyvHQJICtpkftJdMtMeikeVy2dJJSJHY6z4uQR66mMLooJhfsLe13LQZQpYxy9Kx3neaYmxVBS8g3%2BEUCux8%2Bxk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-hlzsf
access-control-allow-credentials: false
cf-ray: 808a8dee99935caa-FRA
x-amz-cf-id: km6v-m9zlQ__DC1ZqEWBnZwgLc39Z1FmdEtiQt_ZcwcAOscjdfVdVw==

GET
H2 200 module_37648091485_POWER_Footer_Full.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1684898810500/ 576 B
1 KB 106ms
104ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1684898810500/module_37648091485_POWER_Footer_Full.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b5765cdf7d4f072406ef5bfeecee9b32bff67188fd51806fdb3e33dd947d083

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: GYAPQ5AA20E9ME84
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"9a99157071cde4851612764968f3d978"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1684898810500
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: R.csxy8CglfZBKioFoVylJ7B89DN_Gka
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 134
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6E+DYBmtrRhwgvNq1ZV+sX17kiaVjvKA/4LqcfnplNNkf0/bbbDYvB9WtnZ7YbswdSTRzvKs5Fw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7037ee43-2785-40a2-a28e-9d22c3f605e2
last-modified: Wed, 24 May 2023 03:26:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kk7UB%2BSEvkJg0FLuPdP1XzCEgfKAvitRY5HRZNmSPurcdMCt1N798LMOrD%2BlWiZWwP4Vq%2BHrQLFc2JSObXiTpQFJkKjJMOuqQ2m9G0lF1lajMXRbad4L%2FtYRI0bErKlE0tZKPv68%2FS1LzdCJDPw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-ph7zk
access-control-allow-credentials: false
cf-ray: 808a8dee99965caa-FRA
x-amz-cf-id: 84onbyULirEew67nNSVhlmukUo461wnh4QiS-wuoedjAPO8tvl2miQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 296 KB
96 KB 152ms
62ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

874bcfef97e339da8ad8cb8c0560ff77ce2f04b6603b15f3b5a5d822fc57fbab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97391
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 18 Sep 2023 15:17:12 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 130ms
42ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 146436
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-eddf8230105-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1695050232.177001,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 1, 127936

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
code.jquery.com/ 11 KB
4 KB 128ms
41ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.3.2.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 249612
x-cache: HIT, HIT
content-length: 4165
x-served-by: cache-lga21924-LGA, cache-fra-eddf8230105-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1695050232.176994,VS0,VE0
etag: W/"28feccc0-2bd8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 49, 5001

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 164ms
40ms Script
text/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

e5e1c9d4a9fbbd3e00b14d12243ab0c847270232c41af029674e59f5840b401e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
content-length: 163639
x-li-uuid: AAYFo0qNDn5Wx5nsEAb+lw==
server: Play
x-li-pop: prod-lor1-x
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lor1
cache-control: public, max-age=3600
x-li-proto: http/1.1
expires: Mon, 18 Sep 2023 15:52:28 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1694724148417/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 183ms
88ms Stylesheet
text/css 2606:4700::6810:6ed1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1694724148417/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6ed1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-encoding: br
age: 326003
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1694724148996
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 18 Sep 2023 15:17:12 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P4
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 12959369-c9a8-47b5-b243-922026137f5c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 179
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 12959369-c9a8-47b5-b243-922026137f5c
last-modified: Thu, 14 Sep 2023 20:42:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJ4hcTdNRJRgQKIxxrLol8MukO%2BZuObnLmlx7e51tzSCtv0g%2BmGtmx%2Bvzpq00YEoZW%2B7rW6uqjs83eQZhv%2BbJTI1XkFNp%2BWWbvbK6cBIwS0S4GjlprIpspHkfOhWz7n52twQuUBgtWR%2B%2Bpeyavk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 808a8def28824d58-FRA

GET
H2 200 pwr.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1691599156376/HL_Theme_2021/Coded_Files/ 248 KB
43 KB 119ms
118ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1691599156376/HL_Theme_2021/Coded_Files/pwr.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

57c4b7673e3943ec077f8026c6905ae8cb5b552675fb183b480b69f58b33fde1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 4QWFSGH41FC95W06
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"77ab0a25d7ef4eeee4f15224df54c62e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1691599158051
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: E71.yiPRNntQx1Mvzod_ujyTaH1KgspO
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 422775c6-d68d-4ded-a9c9-cffa21c5b643
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 176
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +kb7LCw8jM5giXQnuUkJ6yiMReQCEI3ImaY7Dqn3Qc/R6/vZEFLvFFiBko03G7y0l0wv9mLGujE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 422775c6-d68d-4ded-a9c9-cffa21c5b643
last-modified: Wed, 09 Aug 2023 16:39:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uG9WNLL7nNEb02yP4olaSbmKVtD1iHzjQ%2BTAmISzrvZCYtDMKaYkh3Ygf8SzYXXUJGvMfmo%2FcOK0Vkx8becwCHkgBhpR3eKVvCJw1bOFOlIgcWzpVXo%2BR8LE4NzXLQFi9ZMxyWyPBtyMJHWpDk4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9jn6n
access-control-allow-credentials: false
cf-ray: 808a8dee99995caa-FRA
x-amz-cf-id: oELDe_l0mqErDcL1isFGlN2nhmGgUxfP3I-V1CU5mSRxtU2sNh2NmQ==

GET
H2 200 custom-styles.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1690918134429/HL_Theme_2021/Coded_Files/ 5 KB
2 KB 102ms
101ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1690918134429/HL_Theme_2021/Coded_Files/custom-styles.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

55162e9b494d9fc1831ba6a83f207a1ff6d85c052d821ad30d78baf212930cf0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: E5Q683G03XKD7989
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"0766f87b64791941ba79fc2350fc97a7"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1690918135054
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ecjJqSeY7kgiYSTjpULMHWneSGBFK75O
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5ce0dab8-90a5-4912-872f-a953c2324695
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 131
alt-svc: h3=":443"; ma=86400
x-amz-id-2: eLOlVwypbUAjHBn9NYm6wXFNs/RKf3dRYHM1XReWR3TF2CSsvw2kjTHR6hmBintRlcgeVz5cBUM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5ce0dab8-90a5-4912-872f-a953c2324695
last-modified: Tue, 01 Aug 2023 19:28:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZnMyVY9P66Lf91yB3Ypk0G5L9vEjTY5TNNyB7m3dI2nqQYRygbgo0UrdsMKs%2Fri3ABsLCzk0mcwiYZ%2BUgRwR4Mmuzh6uGpIUrQSC093pktDdhsZYL38UQU4LTUIeCRtVcOpxcfSze5K7ebvUdVg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 808a8dee999d5caa-FRA
x-amz-cf-id: 32uz-uPHmQ50UXu6-imfWY7wInQcG4JsVyt7PlnVNRAk-8L5QcwRzQ==

GET
H3 200 Huntress-1-1.svg
www.huntress.com/hubfs/ 17 KB
14 KB 89ms
87ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Huntress-1-1.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-83639587659,P-3911692,FLS-ALL
age: 412914
x-amz-request-id: NJK6TZW6E8DEYCYF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83639587659,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: W/"5eb7f12b49ec4085bccb33be62bc3fe9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662015849971
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CV3yu1lUsNjBX07SDUAQdESVyZxYlca4
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83639587659,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 4ilDHy/r1nKw3XhfsX/oaYqDLdj8eQdDhEqxeyHjNKsO4AQKWUG7bLBbYFRh0TUxEEDm/PDg2XTivvi2zcHIpg==
last-modified: Thu, 01 Sep 2022 07:04:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2F9QYxTLaX8eekW0M74M91egEPMMkPoboR2VeJDfM3H2VHoKOYW3RCBxBOs5Hy7vn0Tnyl%2Fq1L5wHpBbuD4qo8LFGjnd1WQoArtZbGy9sddaExS%2FoAm4HcuVMgC58IKniEaPw6pL35FzR30ejwg%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 808a8df04d20920e-FRA
x-amz-cf-id: 9dk2_O9imXOUqqjuuHoYG_uXYvVogv1w_1TZuFctiChkbgte5qooIQ==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 56 B
362 B 443ms
56ms Script
text/javascript 23.215.20.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.215.20.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-215-20-4.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 18 Sep 2023 15:17:12 GMT
server: Oracle API Gateway
opc-request-id: /ACFE901E1D35BFEDA30E1D71284AD6E9/151E9FAFB8EE517B7025B79B4EFF3795
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 hgw5udjwka.jsonp Show response
fast.wistia.com/embed/medias/ 6 KB
2 KB 215ms
118ms Script
application/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/medias/hgw5udjwka.jsonp

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

93a5a0cfdea362c1ee1b739db312349ee8b67754522f104c087eea9d21bbc6c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=0
via: 1.1 9bba1485ff47cf63bc393925f38d12fc.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-permitted-cross-domain-policies: none
x-amz-cf-pop: IAD61-P1
age: 7725
x-cache: Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time: 70
content-length: 1624
x-request-id: 7570299c-bcd4-4e29-9920-38d9461f4357
x-served-by: cache-iad-kjyo7100069-IAD, cache-fra-eddf8230101-FRA
x-runtime: 0.067063
x-browser-version: 117
server: envoy
x-timer: S1695050232.465904,VS0,VE1
etag: W/"93a5a0cfdea362c1ee1b739db312349e"
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, no-cache
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 8yBkl-xEMrkSaQhQDyUrqDWWZHUxi5An7ichJuntJp0R5TGcHUw-Fg==
x-cache-hits: 6, 1

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ 731 KB
125 KB 136ms
40ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

23e985d081d9f85f9ee808c3a174c485be993fb2b3d3182ca9f729f6cc0e6da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 738
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 127124
x-served-by: cache-iad-kiad7000169-IAD, cache-fra-eddf8230101-FRA
x-browser-version: 117
last-modified: Fri, 15 Sep 2023 19:09:01 GMT
server: AmazonS3
x-timer: S1695050232.465589,VS0,VE0
etag: "4894399c8eec8a045b59c0e599e74ab5"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: cd1638917b5ef793221f03bd59c0c5f83924c8dc
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 52, 106

GET
H2 200 swatch
fast.wistia.com/embed/medias/hgw5udjwka/ 3 KB
3 KB 214ms
118ms Image
image/jpeg 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/embed/medias/hgw5udjwka/swatch

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

896ec2a677639c5ec7f77c8e61f7ee0ad0d0ae21d486fe58de720329307ea21b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
access-control-request-method: *
via: 1.1 cbb1ad5df105c42cc24cca0b876989aa.cloudfront.net (CloudFront), 1.1 1c270697a065feaf9aaa711be1cb8b0c.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
x-cdn: cloudfront
x-amz-cf-pop: IAD89-P2, IAD55-P2
age: 1142246
edge-cache-tag: 5a508bb9b92a8da09e3893e3d45cc0dec3e09bad
x-cache: Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time: 42
content-disposition: inline
content-length: 2873
x-served-by: cache-iad-kiad7000119-IAD, cache-fra-eddf8230101-FRA
x-browser-version: 117
last-modified: Fri, 12 Aug 2022 01:25:20 UTC
server: envoy
x-timer: S1695050232.465560,VS0,VE1
etag: BCZGW2oQxsoUZU08bmF0feIdj6k=
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, no-cache,max-age=31536000
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Fvv3Qog_j7HHQWm_HhOZGd6_R9rMAZGpdcQ-iihHF3hteb08gDal8Q==
x-cache-hits: 5, 1

GET
H2 200 9a647ae3-ff72-4027-9e81-f319760a7014.png
no-cache.hubspot.com/cta/default/3911692/ 92 KB
93 KB 366ms
276ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3911692/9a647ae3-ff72-4027-9e81-f319760a7014.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

062d666beaf1dcb9e94721b47455c6de55b4aa4cc59b4a16de64383a74262ab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
x-amz-version-id: fzG0RCZtZWQkfrvU3jTQC02sJDCapmAP
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: BSSDG890V7XJ11MX
x-amz-server-side-encryption: AES256
content-length: 93962
x-amz-id-2: b2wMJwIRJTg8wH87Jm9X8/ATlF7L6cpWUrRAzDkNEVaXEiTc9PMtpsfdPTN7Y9Fr4U5e742Y1Es=
last-modified: Thu, 14 Sep 2023 21:01:21 GMT
server: cloudflare
etag: "d290cf01ac382e943bcea8e6d081231d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E034AcV4FL7r0RDRTSzAem9YFWYLc9QOVwXB2fBqu6ag3%2FM3yCpGAPLa1nsDISJR78sHJUZkz4VrujpVggSUeuV6JS2Vm6WnhSaiioTul82jIlSyCXF4FlKcn5J9RZEXqpcdechuqGYnVZHOW1P2LsVq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 808a8df0dbaa3664-FRA

GET
H3 200 current.js Show response
www.huntress.com/hs/cta/cta/ 16 KB
7 KB 72ms
72ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/cta/current.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b212b5d5a1ff05906a7bbe45ec1192cb7f8cb096da65573b94eb19e3d853bccd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 155
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.202/bundles/current.js&cfRay=808a8a272100921f-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"926f957a3fac01f2a0f14b2b115f7f9a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.202/bundles/current.js
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 9ig2rWbDeIcnXyn9E_XWedP2hWENxPRc
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 73291921-3683-4523-8931-33549a614408
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 73291921-3683-4523-8931-33549a614408
last-modified: Thu, 24 Aug 2023 03:17:03 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KKwIq4DnQAjuGPnA5tNqTS%2BjfOgPUfdI7ocEgFcQoCS7f9h%2BBUZ%2BDdb6o7VaRl5C4Exm653t%2BMUZ9qobEN8trnkKY9iydPPIOETt7jj8gSSjTeWWFcYG4fOC6DTXiCJ69Ax1fqBumpZ30RheqHw%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-f6hcn
cf-ray: 808a8df02cee920e-FRA
x-amz-cf-id: J8Ex_IcrsuPcQP9kZ7ggTzTDieF4sFiAY_opmXXpjAvHa30zRuQakA==

GET
H2 200 magnific-popup.min.css
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 5 KB
2 KB 139ms
51ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 423591
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1283
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-148b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCwmAXGe2dpYYV7BJcaon0KZ4E7K9k8Yzw9D9SeT0idG%2FRKA5g2D4X2rW2s5t553tExR5%2FCWb6TCZfiNayREx8LzPf23lTtp3SjsW54xzIEvIY3aFmH%2FMfQwD0doPr0XC0AB%2B%2F3N7BXfCkK35GJPvSXJ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 808a8df0dc76bbbb-FRA
expires: Sat, 07 Sep 2024 15:17:12 GMT

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 145ms
54ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P2
age: 435839
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRrT1%2BAHiInZgZLagmrK57W0UjV5u4s5pLFvKa0nWihD3Qy6y%2BZYNR81DXjl6gHjpwhPEwAtRzly6W50Lh5uSm3x9BrSFLoL4AOseshMLoMLvMVaJmOMU1Enjy3y75P5KA9Tke3Zm07UqDGokzi24Pdlhn0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 808a8df12bf518f1-FRA
x-amz-cf-id: 0CrtM1JaR-Y1udGBBPZNvOu46612wP2Rd98ATg9ajHbTnwiiIGq10A==
expires: Tue, 17 Sep 2024 15:17:12 GMT

GET
H3 200 pwr.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1687185407986/HL_Theme_2021/Coded_Files/ 153 KB
39 KB 124ms
122ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1687185407986/HL_Theme_2021/Coded_Files/pwr.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5a421dbd597a94360622aa975ff3c27809a08e5ddaada7832a692c3b51c5eeb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1843
x-amz-request-id: WS685CTTK3FY23QV
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"8e806318ee2a202f50bd8cb20fd2a402"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1687185408717
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: rRKXCqkyBDcRwPX3bFJeQzRBVXD92P5D
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 130
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VMnllWY7QTJoNw8ac8LuT9j6adTeKqkxz0zRkzQnypF6EMFRHs5D9+tj81rBAac75Y9WtspnUiMw8vJ3S22DsbprX+ChlnWAUmXc9SbA1BM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5e18933d-dc2c-4879-84e2-bb7ee568e748
last-modified: Mon, 19 Jun 2023 14:36:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEVA8Fjv2%2F6vW2sWoUQm6%2B1Dz9g7R7FKSPy6JhU633hgxpK2lyD8E4gG0AX7uwTM52OkTAWLEiG8a0r5vGxvMJAxkJC88svWWEIERIirzndRkpmhJVVzxJ1xRzU9PAwUwgxr6Kig%2B0TIPQA3gkI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9xkdz
access-control-allow-credentials: false
cf-ray: 808a8df04d11920e-FRA
x-amz-cf-id: 7hMKVPCKIBSjNofagciOvM919pKypq1I49SuopSHuu6dGRRHWVBxXg==

GET
H3 200 project.js Show response
www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 165ms
162ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 12392948
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DHLdVHud0Ux%2Fl1o37EN4Q%2F50xCpNFF%2F37mLtGXtfy2v3NPHXUw1EfAcU2YVYSK4LcdAluVNPVpVUuoYfk%2BInFG1fAqwnqJ%2B3d0D6Fx1MfzAl543yqM0CSC5rNU2KBYt2Tm85JBGcuYIMm0JDe5g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 808a8df04d15920e-FRA
x-amz-cf-id: npDRtHLjVqh8zeihJtuF2gyuTq3Qaqk2QrNbNCcHimg8EpZG5wWqkA==
expires: Tue, 17 Sep 2024 15:17:12 GMT

GET
H3 200 module_97827380338_POWER_Header_V2c.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1694782374171/ 490 B
2 KB 85ms
82ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1694782374171/module_97827380338_POWER_Header_V2c.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1db6b123f97b64be2a35c607c2d290818cea4f045f157b7499d1e57797b52f66

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1844
x-amz-request-id: QE11YVCC4SX6KENK
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"15ca550d80a1ae79be0e037f4d84d584"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1694782374171
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: H7o5CnntOcjT0Cq3g8B0_.8s1wYC7hRv
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ffbe88cc-0f0d-47f6-8ae0-a38fdd967a8d
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 173
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JVvQhYIKvazPD92hKFIIX6QVFwiGolGbdR7oRLxMx9NEvtN0tHaTduLM2ijeFdT+RTSGr5lijaga56qiGiOT/93dwF8pgfa3BJozaMMDmt0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ffbe88cc-0f0d-47f6-8ae0-a38fdd967a8d
last-modified: Fri, 15 Sep 2023 12:52:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r1ncPeCGQJJn7qrhS%2Fp2fEQkNIH9GMA7O1Ct5tzrpTSaTaYYIVtWwqCcOPJD%2B9UnlPsuJng22IOlB4EuMvjOJhhsdUWEx%2B8BadrRUhgnv%2F3xwgE6OdG6KG%2F20zjMaSTC8H4ZRhik%2FysIO4jjJA8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9jn6n
access-control-allow-credentials: false
cf-ray: 808a8df04d19920e-FRA
x-amz-cf-id: SxhWiXhpOhbBT0jLF-LAdsrKMecgze8-wlu8hLVHYJ-ih1rXqRx2Eg==

GET
H3 200 module_37648262592_POWER_Blog_Post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897766490/ 933 B
2 KB 89ms
86ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1684897766490/module_37648262592_POWER_Blog_Post.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb1b80606f5282fa20cea179f7c7f619eb1848b1d550a9e13857477cd1c38e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1843
x-amz-request-id: F43T57KCXSAC1BH6
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"005ba15488b184ae927f2bb08fa5a345"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1684897766490
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 21H43FXQjaJWBvLJlB0WIq6ue3j9mZAD
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 151
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YdhiJqpvMVbKeejZdx0SsxKxG35kiNfGaSze5Q7x9hxXP8LGP5upBo+m+UAdATsCwUaXr/ZlGWw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4a0ae63f-e7b2-45a7-887d-10a434978ac2
last-modified: Wed, 24 May 2023 03:09:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CayzzRJgW0bg8jQCYkQRggwnTJRl%2F3oQ8O11wyHufko6lXxUo%2BAoAyUlYZ3hRFGYa0tHLamWUT4xxouebIcANN3UYLU60BboKa4X0sxwOFyqotBpJ8T1cP0SioYdpZQZss4pkui%2FiBVXjd9QcTY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-qbhrx
access-control-allow-credentials: false
cf-ray: 808a8df04d1a920e-FRA
x-amz-cf-id: waBs1Ia0c-onEg9r5gKVcjCu743x4kZHXksMQQe-qQ9yeLu617P5Pw==

GET
H2 200 jquery.magnific-popup.min.js Show response
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 20 KB
7 KB 135ms
47ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 253054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6546
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-4ef8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=naI%2FMWNH%2FHAY5%2BT3RWT4oqDpw0IKbKdChhQtrmvnzKtaz6tRa0z%2F%2BhjOVzS6vSmgdJS%2FJREC8UJgWmmb2lWsdkpebDbb7wvsfbY2YecSTJ72yrCBy9f10nZnOD9h2s9gewH1irpMgEPrB9ccs3VHHPWS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 808a8df0dc78bbbb-FRA
expires: Sat, 07 Sep 2024 15:17:12 GMT

GET
H3 200 sticky.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/ 3 KB
3 KB 86ms
83ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/sticky.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1843
x-amz-request-id: SHMKDX8ECTD8SD3F
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"55ae62a2138b0ac2dad2cd6f3fc3decb"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1646636852583
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: oIU6rHYsVQSZOhrGoqvW7sFAXkwuMMSC
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 120
alt-svc: h3=":443"; ma=86400
x-amz-id-2: L+KLe3jkeKeB51OPsdQr7ng12bIG0gnWP+ZQlU1717dSf69fkEsyVRE09nlgXl7d7zQSR/yIDho=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9d9362a5-4ae8-4e6e-9a3a-4544d7f6c7fc
last-modified: Mon, 07 Mar 2022 07:07:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=foy%2Fu8V0td%2Bd80GSgRyQM7FpfKei13RQp3nkUvp1%2BeGN7xb4TnrHsJonmDhoL4WoWOtXTG7emesYoM%2BO5E1G1uZxayALMiAzDDghyqOZj8dSxBA9QpkxFTypGRs4%2BuajZfArDWt350B4PsV7rl4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-7hqzq
access-control-allow-credentials: false
cf-ray: 808a8df04d1b920e-FRA
x-amz-cf-id: Bn0P84FSfU5byAg_NtoCt0Fl8qNexpGahm1fG-rH4Rr1-I1TtRqWjg==

GET
H3 200 module_72308060713_Blog_Related_post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943002/ 365 B
1 KB 167ms
165ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943002/module_72308060713_Blog_Related_post.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3131
x-amz-request-id: GHT32DAY6Z6TBSCN
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"136cb371b82e4f0a84d11b654e92bb11"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1669043943002
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 9349b115ae66d16aae68deb9bb5eebc2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: SBG.fyduSO9gOy.FmtNERc3Ncw_1ixXc
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: UtxuR4XoGypdCSb7wkbC+0U60zVxSGUUn6DOUPJ8xPBGxEvegEC5rC/bBDb6fF0m1eplqa5kCFw=
last-modified: Mon, 21 Nov 2022 15:19:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2FNA03zUbxbeorKbF6SnZsDDKUhSemDSTgWdgIqFTeposXBgsKqrEIgcIzZpJKedCozQnWODTEh%2BgGljwzCbu8zqLvgYHA1aoUJ034%2BZQxa6oIU6X48%2FHE6wQWIH2FQFryXJgS4tv5pgSV%2Fzf0g%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 808a8df04d1c920e-FRA
x-amz-cf-id: c9iFqKbSgEzQ4xt4uV4sbLWwU9VyYwTdhy6gBgCOJ8JJ8VBFO_XxSQ==

GET
H3 200 v2.js Show response
www.huntress.com/_hcms/forms/ 549 KB
181 KB 89ms
86ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/v2.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a968f7560a3f021198c233b384d7a88f43caacfa0154f88e02116aa74fb65e6d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 591
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3775/bundles/project-v2.js&cfRay=808a7f83470c1c38-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"a51322b373df386bb77a795cb978ff6b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3775/bundles/project-v2.js
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: cf9Ibwjfs0bKfJMoo1B1m6It1HkZCzhH
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 875b11d8-713e-4e56-816a-9fa31c2b9a12
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 875b11d8-713e-4e56-816a-9fa31c2b9a12
last-modified: Mon, 18 Sep 2023 12:36:49 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6i9NbbyiOh9A1mVs2%2Bxsi199UPCk%2BLLkg%2BlBNUDXu%2BNi6U%2FsTW%2BTylCFuPG9v%2FFV9kT2ftgpPFz5WPXSLdoBRVmveNc2%2F1C6EA6r0tD3zUsD2BVBXgfGM2UFzZToGLhRujPr8OUc%2FtKJHHV8pJM%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-4zxj4
cf-ray: 808a8df04d1d920e-FRA
x-amz-cf-id: K30De-hK4bC_LRskqT5mwpjjf0RiJDeRKdYr_uIh5T4nhTAgTnlSgQ==

GET
H3 200 3911692.js Show response
www.huntress.com/hs/scriptloader/ 2 KB
1 KB 518ms
516ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a263e64fb1370d7a19b464f9ad77240556592100b880e7f3a38ae11c355e7a9d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b0eeff3e-d7e3-4965-b9e7-f867c74ff284
content-encoding: br
x-envoy-upstream-service-time: 11
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b0eeff3e-d7e3-4965-b9e7-f867c74ff284
last-modified: Mon, 18 Sep 2023 15:01:38 GMT
server: cloudflare
x-trace: 2B56119B11DFD988EA4ACE3A4D2C7BE400D7A207A4000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-8ppsz
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AhrwFiy06P7a%2Bx%2FRghxVLh89zzrycR%2FCux1LD0A2otRM%2FQVsPo8kvg3D0hriGON89MYM59FjScfhQtYwwisFpO%2BBl27tBqnpZ667%2BD9A%2BxRhiHSu%2FhRXaoGfTqJp%2FG2cgR7zH%2FS3%2BszNVBbksy0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 808a8df04d22920e-FRA
expires: Mon, 18 Sep 2023 15:18:12 GMT

GET
H3 200 index.js Show response
www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 255ms
253ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 a355d8f903a0cf5525893c863fcdf216.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 12959521
x-amz-cf-pop: CDG52-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHJv0WQAL0%2FJ95IoR0qrhNMNzIFL6Gk%2FS0Tzrpg3dLwRRcTou5hGOuLE8IGtIq99uwomfc9SXAKpi5nqOB%2FXZ4GfoIAtLodTTKKMGqUy9ElykIVj%2B%2F6AsnqrPxCD1wlv1CUiZC8OuOEi1XfxLm8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 808a8df04d24920e-FRA
x-amz-cf-id: TYHgsp09grVKpYA9dxiozj2UAW4tlG6PoALJeeeJ-H2x7PoACqsm6Q==
expires: Tue, 17 Sep 2024 15:17:12 GMT

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/ 69 KB
16 KB 140ms
52ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/polyfill.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 427589
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15998
last-modified: Mon, 04 May 2020 16:11:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec6-11405"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OM%2BQFJwJ2YB09K4pZq1OmcDbZqmq8bljaK%2B%2BX7lZjzF7uTiauuFpKSyot3k2BXxcfan4sPf%2BgcT7IZs%2BWVW68cblxK8eFOwSU9w9W0C6MiHMoWBJa0ePD9XcAxIiChIu3khHzVlOc2YqG1Q40UrAJsOj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 808a8df0dc79bbbb-FRA
expires: Sat, 07 Sep 2024 15:17:12 GMT

GET
H2 200 lozad.min.js Show response
cdn.jsdelivr.net/npm/lozad/dist/ 3 KB
2 KB 149ms
59ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/lozad/dist/lozad.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 22353
x-jsd-version: 1.16.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230052-FRA, cache-yyz4556-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"c17-/CtD5WDEW7iHrdmPF7CEBoqSMss"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5frYnTkutMgORuv1EETa0r7Yrj6qmngIhygYVqOSlvODtHto8a0RzPGCwAayNcfb5bTsRh%2B8cHBNliaQdzQ%2B%2FeQKxhQI9oHlD52XBQ4smtVIbNjEqyPDTWwyJG88DOeXx7%2FCenKEjEtPdUXtC%2F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 808a8df0dc031c20-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 306 KB
99 KB 105ms
104ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bc64c57cd08b462324bf3d3d82928df144534c7d0c8398440a473d1002f51faf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100967
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 18 Sep 2023 15:17:12 GMT

GET
H2 200 sp.js Show response
cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/ 111 KB
33 KB 57ms
56ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/sp.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 925418
x-jsd-version: 2.15.0
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230073-FRA, cache-yyz4538-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"1bcc9-Fvi1pHLpkqezVQp0uCr6MtFyy4s"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eymPxH3xMWWh4qW%2BHTs7CCtdz14PIf6fqNafuf3Vsv3u9KqEJWaEght0%2FLdlSlP%2FcsYWMvKbkNV6j5HBC3DBPxI5KKWPvBrarDGZFurN1rjL%2BOGJEWyPYDWXEqms%2Bw592XjTtqmzAAd3rAqfANI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 808a8df12c6b1c20-FRA

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 136ms
46ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=620982&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&f=1&r=0.1391869879308658
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 66386f527eec5f5df25a2cdf590236d3ff5e728721a7ed6b22362f93f1ef0421

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 211ms
51ms Script
application/javascript 2606:4700::6811:4341
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4341 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: ZBK9GVWNHMM615HE
age: 1449
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QApJjUMe6dPSmzYXiYFc6dOGGKZMkdZ0kUVJbzRIgTVpYxPQx33CSERxtLdkqDuVapIv8BDSyiw=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 808a8df22a891952-FRA
expires: Mon, 18 Sep 2023 19:17:12 GMT

GET
H2 200 5d3cypit2iz8.js Show response
js.driftt.com/include/1695050400000/ 212 KB
60 KB 367ms
216ms Script
application/javascript 18.244.28.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1695050400000/5d3cypit2iz8.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.244.28.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-244-28-107.cdg52.r.cloudfront.net

Software

istio-envoy /

Resource Hash

93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-amz-version-id: fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
via: 1.1 7610b91e2653cd801af5fb6517906ed4.cloudfront.net (CloudFront), 1.1 36a5f51b66187c48c1a43f5fbec8f28a.cloudfront.net (CloudFront)
date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
x-amz-cf-pop: IAD66-C1, CDG52-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 53
last-modified: Mon, 21 Aug 2023 14:57:31 GMT
server: istio-envoy
etag: W/"576cdc1c0941a520c47b54aef3b463f7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=10
access-control-allow-credentials: true,true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aqzXRYTq9sQO1AlkE5vwq8Y5VSOIU7Vc0EzYxUAKb9NSh5fr3xceNA==

GET
H2 200 HKNova-Regular.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/ 32 KB
33 KB 227ms
120ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/HKNova-Regular.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1691599156376/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
age: 106970
x-amz-request-id: 7F34Z5NVNERJKM7A
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "5a3239585a66868a9109bab6273f0a26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1607406808501
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 18 Sep 2023 15:17:12 GMT
via: 1.1 9b7b71910b45e646f6476bbd270127a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: y1_7cBbebzu1P55qghtsCfIzqKHObY4N
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
content-length: 32892
x-amz-id-2: nIm8mwkEPLx553QyY3eP/cf0a4s7G7Vv6ktYbQMHxvTcBUcTKXomAAo3Romlg6subpWFZnxWMv8=
last-modified: Tue, 08 Dec 2020 05:53:29 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 808a8df10a3f30e4-FRA
x-amz-cf-id: pJkeAoXtn8uwqAqKMfBMvk-ztp-R-7Opvec2zX3LviYymK-pEJzFFA==

GET
H3 200 Blog-ThreatAnalysis_Cleartext.jpg
www.huntress.com/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/ 26 KB
28 KB 223ms
223ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/Blog-ThreatAnalysis_Cleartext.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

26af4e642cf1bc9baf695502fb0fa2c54c94531002aafb9716c071b45d68f7e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-94523781739,FD-65276690465,P-3911692,FLS-ALL
x-amz-request-id: 6PVQDMCSKR6M46C9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-94523781739,FD-65276690465,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog-ThreatAnalysis_Cleartext.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "7288d26a4f164662c6545d9b85b5bb7f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1670443116833
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 73dfb2192db76ab224b20f9d76621a72.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: mVZwjrFwNrVTHMPSezi_O0HZOozAVfgm
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=51656
x-cache: Miss from cloudfront
cache-tag: F-94523781739,FD-65276690465,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 27056
x-amz-id-2: y+Mzjqbjmy8pJXlFqLYdKL3CVdlYDYAFsJtEN/91TaaS+VlhrA3tB6oVWrrpPrkfQRhoJEhT5bZpR3OKFsmUL5mL64gtZ1y+oy2ZLF8pP+4=
last-modified: Wed, 07 Dec 2022 19:58:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2F3%2BlzGRTzfCMRjNmwCkhAHRym9neFCWE%2FztZEhU8RaavxMrfcNWU3JBo90L1f3khkOlixU5SYOV%2BmZ9a71Z8Nrir4DTGO8ub9uqGBv1JuExOrrqWYN9f4sYrOjvtd3pn41TahdyjTTQCtrxeyU%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 808a8df08d54920e-FRA
x-amz-cf-id: VMDqPPkqggRDN2E6lURRZP8tDmGdSsr1_G8in38crBIBEXXfmCL3qA==

GET
H2 200 visuelt-black.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/ 28 KB
28 KB 219ms
132ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/visuelt-black.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1691599156376/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
age: 886274
x-amz-request-id: 3WH7XA7783SAQB97
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "80407703322249fe13bbef5596e9e414"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1607408610505
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Mon, 18 Sep 2023 15:17:12 GMT
via: 1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: zgv.hEhHVdSF2XuwUP4L0JY36hLML11L
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
content-length: 28504
x-amz-id-2: oTio3xkUYqY/vESb8bvkzSMmipulHclcns/T3lrdQJioDKPktnhjlEAfxxMKvH1rK1jDSULEoYU=
last-modified: Tue, 08 Dec 2020 06:23:31 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 808a8df10a4330e4-FRA
x-amz-cf-id: TjKmkDLGawG16vk2rFMf-xeftWFSM90mUGhTpcktGoYrU8cArx4oLQ==

OPTIONS
H2 200 tp2
webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/ Frame 0
0 145ms
40ms Preflight
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/tp2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-origin: https://www.huntress.com
content-length: 0
content-type: application/json
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin

POST
H2 200 tp2 Show response
webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/ 53 B
325 B 265ms
167ms XHR
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/sp.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
access-control-allow-methods: GET, POST, HEAD, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 53

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 225 KB
79 KB 59ms
58ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-429191348&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b1960b5a73e4b954b9de3c1e950a7cff3f6b0d346f4528c511621b14a8b491c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80283
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 18 Sep 2023 15:17:12 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
246 B 142ms
53ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-GCTMBVFESS&gtm=45je39d0&_p=1893531742&gcs=G100&gdid=dZTQ1Zm&cid=2024779915.1695050233&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1695050232&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&dt=Cleartext%20Shenanigans%3A%20Gifting%20User%20Passwords%20to%20Adversaries%20With%20NPPSPY&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 129ms
128ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=620982&d=huntress.com&u=D3E9A1812F28A8613613E078AAE60E93B&h=74343d77744ccf0050c2e93b85e6392b&t=false&r=0.5726494836283844

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:12 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H2 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
455 B 295ms
77ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=G100&rnd=112412829.1695050233&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&gtm=45He39d0n81WVGPJJ5

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:12 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 263ms
40ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-etou8220079-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 260ms
39ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 18 Sep 2023 13:44:21 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5571
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 18 Sep 2023 15:44:21 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 260ms
40ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 Sep 2023 13:41:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=54332
accept-ranges: bytes
content-length: 3822

GET
H2 200 bat.js Show response
bat.bing.com/ 44 KB
13 KB 281ms
62ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 18 Sep 2023 15:17:12 GMT
last-modified: Wed, 06 Sep 2023 22:41:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9FFA290881594ABC9D6DCF9B2A3A76D7 Ref B: FRA31EDGE0809 Ref C: 2023-09-18T15:17:12Z
etag: "09cc4613e1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12981

GET
H2 200 site-script.js Show response
cdn.metadata.io/ 6 KB
2 KB 264ms
46ms Script
application/javascript 2600:9000:2611:cc00:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-script.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2611:cc00:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-amz-version-id: FA0kpUmjH6379n6SM2OzYViu4FNXSGFq
content-encoding: gzip
via: 1.1 f811752792f4ce137c80f3c4c59d11a8.cloudfront.net (CloudFront)
date: Mon, 18 Sep 2023 06:36:33 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: VIE50-P2
age: 58300
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 04 Aug 2023 00:07:57 GMT
server: AmazonS3
etag: W/"2963b0a1258588f130235cbdfe809b88"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: t6nJHKWzSyq3RZeHe7V3KC7z3SAQDWpSXEaVQ43h32ZJu_jN0n5hkA==

GET
H2 200 62f67a71a4cf97008ef6d460 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 490ms
273ms Script
text/javascript 2606:4700::6810:880f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b642ae49afd5e7b14eb37308a40c215db4817efaca73324f93b811d7fda2dcaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 808a8df3ea0a3a90-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 246ms
82ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 79201
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 808a8df3eb0d9bc2-FRA
expires: Mon, 18 Sep 2023 15:37:12 GMT

GET
H2 200 1006267.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 280ms
164ms Script
text/javascript 2606:4700:4400::ac40:90e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&e=

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: e9aec1a1-3bf4-4a52-8e17-1301a1a83995
x-runtime: 0.004222
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 808a8df3edbb4daf-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 197 KB
53 KB 122ms
42ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

66e58d37cc4b8168a1bd6678e085b43e939eb138fe608b7faffe3b1ba76b0c7b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 18 Sep 2023 15:17:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53155
x-xss-protection: 0
pragma: public
x-fb-debug: LygdUyIy9jHesWSJMsQbgSmHqjHhiC2lbKt/xFnFHXgjileP+n5jsHsOQeZiEoahFClIJ0CTgGBjKcs4EP3KMg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 135ms
42ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 251ms
152ms Script
text/javascript 18.193.29.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.29.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-29-230.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 731159bbdd31296db969bd3049f07f7301568ff8d2b58b99b7608e0d31cef29c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 18 Sep 2023 15:17:13 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 e666a54d-ff29-48f9-9baa-2be6ac05412e.js Show response
j.6sc.co/j/ 837 B
1 KB 576ms
445ms Script
application/javascript 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WVGPJJ5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-184.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-amz-version-id: iBgsOgE4Kr3Z0Ccj2rm1wK8VxmZ_A29h
date: Mon, 18 Sep 2023 15:17:13 GMT
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 837
pragma: no-cache
last-modified: Fri, 18 Aug 2023 17:22:32 GMT
server: AmazonS3
etag: "29df5bb770be8e518fe2206581f712a6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: RnPPPbdXDcqlU97oe5JwyfUeFSj4S0ymn-ITM4Zcvqi_gzlOaU466A==
expires: Mon, 18 Sep 2023 15:17:13 GMT

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
358 B 400ms
119ms XHR
application/json 54.144.37.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDc1MzJ9.cEH1s6yztON1Ehgx-719N-kMH0OD6S-0URMdFL8pAP0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.144.37.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-37-180.compute-1.amazonaws.com

Software

Resource Hash

b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 45d565b8dad6abc8d94ac8a823bc9e75

GET
H3 200 Spidering%20Through%20Identity%20%20-%20Blog%20Thumbnail.jpg
www.huntress.com/hs-fs/hubfs/ 13 KB
14 KB 73ms
73ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Spidering%20Through%20Identity%20%20-%20Blog%20Thumbnail.jpg?width=600&name=Spidering%20Through%20Identity%20%20-%20Blog%20Thumbnail.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

70e4523c4042427c12a9c72ce6c27695bf6d13c0065819eac9468f636e2ed54b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 65276759ad449c7bd056011d5cc53b7e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-134956064052,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 13354
cf-resized: internal=ok/m q=0 n=674+0 c=1+16 v=2023.9.3 l=13354
last-modified: Thu, 14 Sep 2023 17:53:25 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfXqeOnU8Rlp1QQOdCSdWT_0cfe_YPQ8NgyooicLtuDQ:f90f2dc4c37dccd51fc846e60aa624ba"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwBLBR36QDrYEFy1OAAGAomXVUWKJgVJ1Op%2FZq9lZissIIQcszUJCoMstKs%2F6Omd8Nnb%2BzGbkuoYB3ijId4lK0k4wwp30xGyzsUWiHvrwTOfQITjw3mCn%2FNbsfgWXRNRFoYTfN7ssMgRqnQxagE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df35859920e-FRA

GET
H3 200 Evolution%20of%20USB-Borne%20Malware%20-%20Blog%20Thumbnail.png
www.huntress.com/hs-fs/hubfs/ 100 KB
101 KB 123ms
123ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Evolution%20of%20USB-Borne%20Malware%20-%20Blog%20Thumbnail.png?width=600&name=Evolution%20of%20USB-Borne%20Malware%20-%20Blog%20Thumbnail.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

015f37ba3efc7959978d0b6c056cf021ef168e67da1b6c4edcde03958c3783cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 0b76b1af8ab2b84ac7a253f502e75320.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-133663167744,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 102776
cf-resized: internal=ok/m q=0 n=605+0 c=3+201 v=2023.9.3 l=102776
last-modified: Wed, 06 Sep 2023 21:37:18 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf4Q_IkHhelTFxxx1T3nBmpnrne_YPQ8NgyooicLtuDQ:410ddb8c4eaac25a62a35f13ae67ba07"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PG4eN7r4ab3M%2FXnSuAtGvysl7ollRaGCNWzf%2Bx0uBkux2qUZCNT%2FnT1l%2FrPCbrIRLBsogy1vUbcy0MMgisJG2Mh0Fvp0Iw30oqIZJfg09L5odEa7ZG9FCmbhRMD1%2FAjUehqhVsUPOd67fsbOKEI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df3585c920e-FRA

GET
H3 200 Qakbot%20Malware%20Takedown%20-%20Blog%20Thumbnail.jpg
www.huntress.com/hs-fs/hubfs/ 14 KB
15 KB 78ms
78ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Qakbot%20Malware%20Takedown%20-%20Blog%20Thumbnail.jpg?width=600&name=Qakbot%20Malware%20Takedown%20-%20Blog%20Thumbnail.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d30ca73e6f0622753bfcbdec7af17d7ae055d455f8278e3e50b5c38142706734

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 cca9137c259ad738f790039a45561cee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-132488717844,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 14652
cf-resized: internal=ok/m q=0 n=981+0 c=1+12 v=2023.9.3 l=14652
last-modified: Wed, 30 Aug 2023 19:13:41 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfN8KOvCIiJ35--IC0GrHkwT8Xe_YPQ8NgyooicLtuDQ:0f25985372f96e2c92e1e31bc531101e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EIUf3VrbTE6XaXmi4H01d4%2B6cmnxcfmx%2BARWtnkS79Z6X72XfdYX0xMn77Jww%2BEHfwtKTs1mZQc11ZLBXLOcvpPksdBCxrJWw3FOn%2FXVwcleiWCPjwUKj5ABI7Tbln%2B7dj1o2KSoo5CWqEtVig%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df3585e920e-FRA

GET
H3 200 8.10.22_Blog_Graphic-01.png
www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/ 23 KB
23 KB 87ms
85ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/8.10.22_Blog_Graphic-01.png?width=1667&name=8.10.22_Blog_Graphic-01.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f45ea05ba8826264b51a52408a28c126b053adbe8520def78af91a148594ff5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 e95a7a28b8645be1b2217f0d289a4450.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-81793477636,FD-81794101848,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 23066
cf-resized: internal=ok/m q=0 n=1003+122 c=0+0 v=2023.9.3 l=23066
last-modified: Fri, 12 Aug 2022 01:31:30 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfB8rbcxhZyslABse-2ASrnc-r-MEr7UhIgQRFeFvgDQ:c6ea537e1a7b7a6ee5ce41bac2e75dae"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQLiGsDVpgJiac9SZC5ioYzogBmpxn1DkctXxWZSCBLgtK7p%2Bk5GlvLR4FvA4pMAN0s1IPe%2BNLcEDptSjHe7BhgnciN971jUSx8qGJDfUuL4bWuwWLw1p7HxEi06ekWkC75bLPdvmzsA7fSNfGQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df3989c920e-FRA

GET
H3 200 image1.png
www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/ 200 KB
201 KB 126ms
124ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/image1.png?width=1948&name=image1.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

160481cd92237198c50e8eaba0b214f4974484377dfe3baf331b26c4fa340922

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 e928b6930ba0ec9937ae31d26228b38a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-81793404585,FD-81794101848,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 204570
cf-resized: internal=ok/m q=0 n=1159+156 c=0+0 v=2023.9.3 l=204570
last-modified: Fri, 12 Aug 2022 01:31:28 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cflHiYUW9nWb5Y_UGp0Ii3ABxXdRHej1hL-tuBSamTDQ:41d8cade216878d3784d627b5611cf68"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=06rJSBfE9eB9hlSOI%2BbWB4e8GGnrFb1JbSItU18m3m5pbTTDCHTA7wlQo7bm9wWELwY7U3kCdDp%2BgCTjOyVNMCihh28NSeOOSCOM3AxaJyDDeRzKiqXRF13kDwrfOZ2aIzQLDjEvHFgTQkeBEhc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df3989f920e-FRA

GET
H3 200 image3.png
www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/ 22 KB
22 KB 132ms
130ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/image3.png?width=1800&name=image3.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cf9379ed37aff937075a246864c8a3c8a8f9071e661289c0df831454d031aaa

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 9462251ec1005d8753d5e222d6623242.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-81793442051,FD-81794101848,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 22134
cf-resized: internal=ok/h q=0 n=55+135 c=0+0 v=2023.9.3 l=22134
last-modified: Fri, 12 Aug 2022 01:31:27 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfyLMAeAFBDQtBI8wwJ826M8oAZy98_zv6NP5EtU1vDQ:b16b41e91197960f1304a2e3df517a69"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I65EiF1IC499nm4ZXPx9Fm04kGU6v%2BbRaNx609VDRxzoqWwFOVIzVzVfpNrBMoUAwVwknQIHKCKam8MV7%2FkPkePoWZ7wk0HuddeYoiJGK%2BuGgAm4na%2Bl47EZpRBKyS2oRcm0Ox1e1uoIhrevMY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df398a1920e-FRA

GET
H3 200 image8-1.png
www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/ 24 KB
25 KB 87ms
86ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/image8-1.png?width=1814&name=image8-1.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5a6b9ef1e72397833a39c570bf78b7f816c6c8be57821030c80a8affca34530

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 1b866e6eb5f6e3ef570f3588da8a7b3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-81859510807,FD-81794101848,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 24702
cf-resized: internal=ok/m q=0 n=945+123 c=0+0 v=2023.9.3 l=24702
last-modified: Fri, 12 Aug 2022 17:16:44 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf9zKMsYSgUYNeaKOCutQKuFV5rCOc9adsl-OKA4j0DQ:9eb7c76a4482d96e118aeff1db91d573"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cagqJZX2cvV7JijPCK%2B2sLfJWWAtnp1E89Ka7j9%2FQDWzBWq6hE%2FZT7Rtzqrl8Ve1fbeEO%2BKCL5iN4ZZrW1ThRFKgw8Cpi%2F9HcvdnsXGtW4KvTXmEcNOOu7HdVf6t%2BHTpsEiSZ1eAl875lqXd5OU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df398a4920e-FRA

GET
H3 200 image10.png
www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/ 109 KB
110 KB 132ms
131ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/image10.png?width=1999&name=image10.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f74153424f9e04eb89902bf48adaf8c5567e8d620d05690ad9446074d00a061

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=31536000
via: 1.1 c5c1467e47aa14975ca9a42cf837f5ec.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-81793477633,FD-81794101848,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 111676
cf-resized: internal=ok/m q=0 n=1102+205 c=0+0 v=2023.9.3 l=111676
last-modified: Fri, 12 Aug 2022 01:31:28 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfNMp6zoz7U72lJDI4pYmTgPe6ATBhhMVGm9UnTP0gDQ:7b690360ff264262adfa5ee707b56c61"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0xucN9UgGuM7jJESvmd1eug7%2BId%2FrVyRsR4oUsqU97LbMwlUmj1ckpt90n4LsqZKWLwfvXnl3KNJuEn2QNFFXU%2F87nTDFMokScHfMF5FhB40OeasrtOkzQsf7C9dL5YkOZUDZItm%2FlwfGXl41s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df398a5920e-FRA

GET
H3 200 image11.png
www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/ 72 KB
73 KB 926ms
925ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/image11.png?width=1282&name=image11.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88587379198cff270a834119c612eb333b757dbac05c62276491c7ca5eed141e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000
via: 1.1 e0a9984713015b278be44810aa21197a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-81793404584,FD-81794101848,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 74004
cf-resized: internal=ok/m q=0 n=742+0 c=1+49 v=2023.9.3 l=74004
last-modified: Fri, 12 Aug 2022 01:31:27 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf3rVpFkRzZ4Urc7YstNQp-rMsooXtDEHN9u3wdNr4DQ:04a9a33bd745a5b9bc166bb9fa99834e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXRYh9ykIVtDinAguWhFPdXewyqNwHQkOrUd8cvJ512MPrdf9zK2bEjxL0eGqt8ldy%2F37lpWq%2B5%2FTx0DE%2Fwv1y5p1L%2B7NyQU3n0TWZDqdaV8rcEkird7ou8dCi9Fg22tqeYKtNNTsg1L%2B81JkP0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df398a6920e-FRA

GET
H3 200 image5.png
www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/ 224 KB
225 KB 1175ms
1173ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20-%20Cleartext/image5.png?width=600&name=image5.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a88640fc41e00e4363eaa7f824143cadb419e2437cdac21ca9573fa9afde1dc4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:14 GMT
strict-transport-security: max-age=31536000
via: 1.1 0427e61e9a445e92793b25f38fbdcb74.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-81794101854,FD-81794101848,P-3911692,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 229118
cf-resized: internal=ok/m q=0 n=820+0 c=8+230 v=2023.9.3 l=229118
last-modified: Fri, 12 Aug 2022 01:31:28 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfxKOBR6EOrxce6vCci_Rp6Jlje_YPQ8NgyooicLtuDQ:01f3b443902b2fc2a5669c524d1f8276"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZuwJHiQS8QsiadX64V9nwXT3ihfygG5%2B1omYizF%2BROWuWCrDkFc1wOA3a1Ctz5tIIXdClS3Mn4FK3%2FZAzB%2BX60TxG7vHcaeugkN95x1uzcV%2FeWc9TehzIsglj9A%2FZElkC21XWjT2drus1iAuso%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df398a7920e-FRA

GET
H3 200 json Show response
www.huntress.com/_hcms/forms/embed/v3/form/3911692/196be66c-f1bb-4156-af05-2952954526cd/ 9 KB
4 KB 178ms
178ms XHR
application/json 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/embed/v3/form/3911692/196be66c-f1bb-4156-af05-2952954526cd/json?hs_static_app=forms-embed&hs_static_app_version=1.3775&X-HubSpot-Static-App-Info=forms-embed-1.3775

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2687a401b63f6c7554a4cb3f6b45600db33daa02e47e6e70b6407f56f49c8e46

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4ba9a2a5-ba02-41c1-b1e9-18ca37df5f10
content-encoding: br
x-envoy-upstream-service-time: 15
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4ba9a2a5-ba02-41c1-b1e9-18ca37df5f10
server: cloudflare
x-trace: 2B5F1BCDE73DEC58E813CE5DF266DE086E9CCFB3FF000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-p9jdw
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WmkmGe3f%2B3OuuzbYsF451XKWfkUGyNPMBZixOTCXP0MlLJ%2B%2F%2BZgNHOrtmCDjRkPP34PCLEsA9XlZHlP5ljDev1DSxud2VchDqBKXPx5z684glC5c5LHnd2o5U7gzYjy9xoEVhFsEFSXMAtSZW4s%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 808a8df41913920e-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 hotjar-2159185.js Show response
static.hotjar.com/c/ 10 KB
4 KB 132ms
42ms Script
application/javascript 18.66.97.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-53.fra56.r.cloudfront.net

Software

Resource Hash

819c86c5f98c0bbbc51c296df8c5528e4a02c3438c8da3d84f75b585e67851cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 18 Sep 2023 15:16:21 GMT
via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 52
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/1d75cf6c127e9e576b5c99edbd8f29d4
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: BZ-TStDN9W2eF4lJz4P96HiXyB-W2d6mJodiihB3ZUXZbvffySkGag==

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
2 KB 51ms
49ms Script
application/javascript 2606:4700::6811:4341
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4341 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:12 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: ZBK9GVWNHMM615HE
age: 1449
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QApJjUMe6dPSmzYXiYFc6dOGGKZMkdZ0kUVJbzRIgTVpYxPQx33CSERxtLdkqDuVapIv8BDSyiw=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 808a8df41e8d1952-FRA
expires: Mon, 18 Sep 2023 19:17:12 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 122ms
121ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8fb8fb56bfa0d76b014e7664f61e68736423ec485951b24b26b206976747931d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 18 Sep 2023 15:17:13 GMT
content-md5: i44qSPbB1ffivIGF47GxFg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: H6ScTF5stPVfCzSU4uai+BiVKRRyqJmtOzKnmilCbnDIZhcCsi+yC6cOxNwHIwNIy/zAN+o2ImqILRz1wxUTKg==
x-fb-content-md5: c906c9fdb56df29f000830fa7c96096b
cross-origin-opener-policy: same-origin-allow-popups
etag: "6d831324fda3b63d528bd554b3872c46"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Mon, 18 Sep 2023 15:18:23 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 159ms
39ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Mon, 18 Sep 2023 15:17:13 GMT
Content-Encoding: gzip
Age: 1330
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (frb/6724)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 3911692.js Show response
js.hs-analytics.net/analytics/1695050100000/ 68 KB
22 KB 261ms
174ms Script
text/javascript 2606:4700::6810:4dba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1695050100000/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4dba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a39f397a578fab590d3c22622caee469a713bfd40fae24504ca280157fe53f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 6BQFPP2TXP6X3GBN
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 0d11f785-00a9-4316-bc36-608f2c3e819a
x-envoy-upstream-service-time: 15
x-amz-id-2: AoX69rduPj6Shq350hVp/yBDJWqHUX8b1U7GPKNKHdW6SKxeRniTyEzYSJRHZzJX/YUFNDJf6D0=
x-evy-trace-listener: listener_https
x-request-id: 0d11f785-00a9-4316-bc36-608f2c3e819a
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 15 Sep 2023 17:56:44 GMT
server: cloudflare
etag: W/"09b5e22a27b7a1244770925937eb9756"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ww4tr
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 808a8df52bc32bde-FRA
expires: Mon, 18 Sep 2023 15:22:13 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 131ms
48ms Script
application/javascript 2606:4700::6811:e6a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e6a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9186483d7071bcb65b228ec02e65e8fb1cf8dfb9c0996ef65800eff7f6bf81cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
x-amz-version-id: Z4OPbZcWtGszgGWx07Led5i4WClVVjeQ
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 408
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.481/bundles/pixels-release.js&cfRay=808a83ff0daa362b-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 4273d85a-2ace-477e-a593-570a6dca87f8
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4273d85a-2ace-477e-a593-570a6dca87f8
last-modified: Mon, 18 Sep 2023 02:30:10 UTC
server: cloudflare
etag: W/"6f590a2d716d3ee0bb1bc07af2e23b0f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-msqvj
cf-ray: 808a8df51b16365b-FRA
x-amz-cf-id: WCptiuevFBmUqBeTzXr7Tcddg3US8QN5FMKG3uXbcIWF4Y1aNDA0tQ==
x-hs-target-asset: adsscriptloaderstatic/static-1.481/bundles/pixels-release.js

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 263ms
152ms Script
application/javascript 2606:4700::6811:5a9a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5a9a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

026c249acda71b64fe2510542d88ae26073694f89b595b1fd0e9f3ad501bf6b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
x-amz-version-id: EcjZkyUfgxNGQ.xnv1Vqq9Oda2f1T.dE
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 8cc17174-1c28-4cf4-86ad-e9b407f3c846
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.394/bundles/project.js&cfRay=808a8df59f2890da-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8cc17174-1c28-4cf4-86ad-e9b407f3c846
last-modified: Wed, 09 Aug 2023 09:05:38 UTC
server: cloudflare
etag: W/"6fb5b8aa66d730f2a49b41a9c712ffa7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-89hzd
cf-ray: 808a8df59f2890da-FRA
x-amz-cf-id: BkrzFqvqPvgJku4X38GShGAbKM44lGmCAMDOrgXixtKDmCnWme_SLQ==
x-hs-target-asset: collected-forms-embed-js/static-1.394/bundles/project.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 154ms
49ms Script
application/javascript 2606:4700::6812:7a0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7a0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-encoding: br
age: 73151
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js&cfRay=8083940c8ea63617-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b41828c438dcec976b93ddee1edebd6d"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js
date: Mon, 18 Sep 2023 15:17:13 GMT
x-amz-version-id: w9qtR_oGTBab1H9Wt5L5qiHDqxRKIaLE
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: ce58b803-fa29-435d-9f24-390e2012cdf6
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-request-id: ce58b803-fa29-435d-9f24-390e2012cdf6
last-modified: Mon, 04 Sep 2023 12:55:59 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-vvkfx
cf-ray: 808a8df5afc718ed-FRA
x-amz-cf-id: SkaZEFaIhjXd7P56az-QL55NodX3q9HLWxG2PL0Lxtu-Y0bBL4RvSQ==

GET
H2 200 3911692.js Show response
js.hs-banner.com/ 60 KB
16 KB 525ms
433ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b5018e12454c16a3fc8ed8943845042f295636863515c4d480578ef9fc0bb0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
x-amz-version-id: VWYROBw8TcuCN_h5gtyTlReTgciW2CGg
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: PWHATGJ5H565474R
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 152e65ba-50ad-4164-b7ce-c0678f4b9131
x-envoy-upstream-service-time: 21
x-amz-id-2: oiga9l3RympatmnMPaF2Q2fVx9CP8KrBngP7U23a27OE5zqNzIRwExCzOEyx54T55XKj1F1JKk8=
x-evy-trace-listener: listener_https
x-request-id: 152e65ba-50ad-4164-b7ce-c0678f4b9131
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 13 Sep 2023 19:55:30 GMT
server: cloudflare
etag: W/"a37a19201f04be22e0db30406af42a17"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-wrchw
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 808a8df5af739188-FRA
expires: Mon, 18 Sep 2023 15:22:13 GMT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
424 B 296ms
296ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3911692&callback=jsonpHandler

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 11f1d0c1-342d-45e9-b95b-d55a48fdcbad
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=808a8df51bb93664&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 11f1d0c1-342d-45e9-b95b-d55a48fdcbad
server: cloudflare
x-trace: 2B8AAA699F7E3195D0DCF29CAD02344A9CEF4569C7000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-p2dkf
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 808a8df51bb93664-FRA

GET
H2 200 facebookPixel.js Show response
fast.wistia.com/assets/external/ 15 KB
4 KB 47ms
46ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/facebookPixel.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2e2e6c370c979a507b7de1b2b5326c7f60298db2106d2b2c955935f8149e48ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 1347
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 3846
x-served-by: cache-iad-kcgs7200028-IAD, cache-fra-eddf8230101-FRA
x-browser-version: 117
last-modified: Fri, 15 Sep 2023 19:09:01 GMT
server: AmazonS3
x-timer: S1695050233.086135,VS0,VE0
etag: "64b6fff153ed8e7ee1ca5a56206d1c59"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: cd1638917b5ef793221f03bd59c0c5f83924c8dc
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 10, 5

GET
H2 200 googleAnalytics4.js Show response
fast.wistia.com/assets/external/ 16 KB
4 KB 47ms
47ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/googleAnalytics4.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4e749e542920c472fb1236b637be9c888e523748567a8373a1c406aec9abb12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 1529
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 4160
x-served-by: cache-iad-kcgs7200072-IAD, cache-fra-eddf8230101-FRA
x-browser-version: 117
last-modified: Fri, 15 Sep 2023 19:09:01 GMT
server: AmazonS3
x-timer: S1695050233.086178,VS0,VE0
etag: "d0aa1c1ffa7868dfbb7a81d7cd420f39"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: cd1638917b5ef793221f03bd59c0c5f83924c8dc
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 16, 13

GET
H/1.1 200
OK 256149
bidagent.xad.com/conv/ 42 B
342 B 552ms
123ms Image
image/gif 54.146.203.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidagent.xad.com/conv/256149?ts=1695050233067
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.146.203.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-146-203-247.compute-1.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Mon, 18 Sep 2023 15:17:13 GMT
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
2 KB 278ms
272ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&pageId=81792409861&pid=3911692&sv=cta-embed-js-static-1.202&rdy=1&cos=1&df=t&pg=9a647ae3-ff72-4027-9e81-f319760a7014

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3efbf6f165c36ae7ca340e39ef4d6f99ddb6762abad052d5e02de82cc131376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fbff4d1a-9995-4e32-932f-2b3b5f64cf55
content-encoding: br
x-envoy-upstream-service-time: 79
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fbff4d1a-9995-4e32-932f-2b3b5f64cf55
server: cloudflare
x-trace: 2B4DA81C29F3A3AC0AB9366923373876D0A049789C000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-kw4z4
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ocT7Q8PpRVd65Hew%2Buuye0gNtB3RPxzgG92zWWQgo9UzKSnyictxW2P1MP9oDOyDcncENjTF2l1KI%2F4N3pS2BzuRI%2BTNX19SRknPJHSSZUQWu0PRJWAtoLLkQtt2VAVC1dUcArgj%2B5lpV7ukCxk4Td2NSk05L0dQBRk%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 808a8df4eb663664-FRA

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 44ms
39ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 28 Aug 2023 12:14:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=50217
accept-ranges: bytes
content-length: 4862

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 259ms
145ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=59ccb1c2-1a95-4469-94f3-cc2ee2fab734&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=461e96ff-5c5e-43ee-908f-aece46bbc438&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.29

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-response-time: 104
date: Mon, 18 Sep 2023 15:17:12 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: eae5e25817dead13
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: a431a0279d425b17ab771c4e53c47c263d03d76d3b983834ab8a587a0bc0f07b
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
726 B 246ms
150ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=59ccb1c2-1a95-4469-94f3-cc2ee2fab734&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=461e96ff-5c5e-43ee-908f-aece46bbc438&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.29

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-response-time: 110
date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: fa0573800064a1ea
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 0713e2b38f94c2ba7a0fd5d27eeff9d83ebf3b18738c3f5777e9a846140a6a92
content-length: 43

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 41ms
40ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1893531742&t=pageview&_s=1&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&ul=en-us&de=UTF-8&dt=Cleartext%20Shenanigans%3A%20Gifting%20User%20Passwords%20to%20Adversaries%20With%20NPPSPY&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAgAAAABAAAAAAAAIk~&cid=2024779915.1695050233&tid=UA-67431920-1&_gid=1537126209.1695050233&gtm=45He39d0n81WVGPJJ5&gcs=G100&z=383496397

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Sep 2023 15:32:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85494
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
471 B 163ms
162ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1695050233108&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 17715818
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdsNG8VnOaKnItgBOowUb0Gh_YWO4Uzu7i5C9cGmwjI3XFi3CaSzoFD0NgxW3KNPgXARgPRQ8L_dLUoJytwI9HDdzodYaBVS
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 18 Sep 2023 16:17:13 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 243ms
143ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1695050233108&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 18 Sep 2023 15:17:13 GMT
expires: Mon, 18 Sep 2023 15:17:13 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdvnJbvaZQg8jKowKtboZ_InP5iuspyG_W3D14MIr-DJagFxaGDqWymFVQLtVwF2NWTv9XISKLoAumyIlscJQZXGCGrXGulV

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
357 B 121ms
121ms XHR
application/json 54.144.37.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDc1MzJ9.cEH1s6yztON1Ehgx-719N-kMH0OD6S-0URMdFL8pAP0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.144.37.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-37-180.compute-1.amazonaws.com

Software

Resource Hash

b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 0516ca136f07a635fcafca544e8029f1

GET
H2 200 187059084.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 64ms
64ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187059084.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Mon, 18 Sep 2023 15:17:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CA56A011E5BB4253AEAA3AC170967759 Ref B: FRA31EDGE0809 Ref C: 2023-09-18T15:17:13Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 204 0
bat.bing.com/action/ 0
287 B 98ms
97ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=7044c969-60b1-4380-ad2d-5053ec56bcd1&sid=71b79350563611eeadc611a803b267b5&vid=71b7e280563611eebf7fcd8103f69732&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cleartext%20Shenanigans%3A%20Gifting%20User%20Passwords%20to%20Adversaries%20With%20NPPSPY&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&r=&lt=1641&pt=1695050231414,,,,,0,1,66,66,258,105,258,652,657,654,1633,1637,1641,,,&pn=0,0&evt=pageLoad&sv=1&rn=654773

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 18 Sep 2023 15:17:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2AFB91CE077844B694DCD763A25E732A Ref B: FRA31EDGE0809 Ref C: 2023-09-18T15:17:13Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 236ms
145ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1695050233121&id=t2_12z44i&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=0a0da1b1-2a5b-42ff-b8ae-06932b235878&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 403957864408442 Show response
connect.facebook.net/signals/config/ 490 KB
134 KB 213ms
210ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/403957864408442?v=2.9.127&r=stable&domain=www.huntress.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

646e089067f8b1512a750b28610b468451cc4a7343aecb3bcaac77fd1f1f4084

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 18 Sep 2023 15:17:13 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: TtOzQ6J2u3ZrPrkEdWwrk2Qrn/dI0IYsLKZIilXcuK+MecsICeyUymK2mWuRhsAl/uX6FDPPowcUaVHbmp+r8w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 309 KB
87 KB 84ms
40ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=edcc7c05d9349add9f54caef5fb5679f

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4e97e5c7e3a36777468cb362523ee4c670cdb239897551cbb8fbf390d71858d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 18 Sep 2023 15:17:13 GMT
content-md5: GUrdeL6evua83uv0wHnMRg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88836
x-fb-debug: HxkpGzqLpWkvPndarpsT21gDKF1Bnrurz5wyjkxxObBGmuqau+14BOSUyB/EOLELDlibJGlRbxaEKyMIAzrHMQ==
x-fb-content-md5: ff2d48efd7da38550d1b620d9081c06d
cross-origin-opener-policy: same-origin-allow-popups
etag: "3dc1a4e95eaf7be2a92ba204d6c48b24"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Tue, 17 Sep 2024 14:08:42 GMT

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1016 B 265ms
179ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Mon, 18 Sep 2023 15:17:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 1c8d5ed8-76ac-446e-a60d-24c3cd9cef7d
x-envoy-upstream-service-time: 8
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1c8d5ed8-76ac-446e-a60d-24c3cd9cef7d
Server: cloudflare
X-Trace: 2BF3E51004AAAFB8144251E3DC24C34478EC626968000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6fhst
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 808a8df6c8a01d92-FRA

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe2d7250cc0730dc655721c5fa4bf5236dcabdf57f8593e8fe2096a42c0c8baf

Request headers

Referer
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 swatch
fast.wistia.com/embed/medias/hgw5udjwka/ 3 KB
3 KB 47ms
46ms Image
image/jpeg 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/embed/medias/hgw5udjwka/swatch

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

896ec2a677639c5ec7f77c8e61f7ee0ad0d0ae21d486fe58de720329307ea21b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
access-control-request-method: *
via: 1.1 cbb1ad5df105c42cc24cca0b876989aa.cloudfront.net (CloudFront), 1.1 1c270697a065feaf9aaa711be1cb8b0c.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
x-cdn: cloudfront
x-amz-cf-pop: IAD89-P2, IAD55-P2
age: 1142247
edge-cache-tag: 5a508bb9b92a8da09e3893e3d45cc0dec3e09bad
x-cache: Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time: 42
content-disposition: inline
content-length: 2873
x-served-by: cache-iad-kiad7000119-IAD, cache-fra-eddf8230101-FRA
x-browser-version: 117
last-modified: Fri, 12 Aug 2022 01:25:20 UTC
server: envoy
x-timer: S1695050233.245957,VS0,VE0
etag: BCZGW2oQxsoUZU08bmF0feIdj6k=
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, no-cache,max-age=31536000
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Fvv3Qog_j7HHQWm_HhOZGd6_R9rMAZGpdcQ-iihHF3hteb08gDal8Q==
x-cache-hits: 5, 2

GET
H2 200 5a508bb9b92a8da09e3893e3d45cc0dec3e09bad.webp
embed-ssl.wistia.com/deliveries/ 114 KB
115 KB 183ms
51ms Image
image/webp 2600:9000:21f3:ba00:1e:c86:4140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed-ssl.wistia.com/deliveries/5a508bb9b92a8da09e3893e3d45cc0dec3e09bad.webp?image_crop_resized=1920x1200
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:1e:c86:4140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: envoy /
Resource Hash: 423c954159de258117619e1a7617772fbc5a6910bee7ccf2966dda821d0cd510

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 07:20:21 GMT
access-control-request-method: *
via: 1.1 debe291145dc27044f50d04bac101cd8.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: FRA2-C2
age: 28612
edge-cache-tag: 5a508bb9b92a8da09e3893e3d45cc0dec3e09bad
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 467
content-disposition: inline
surrogate-key: 5a508bb9b92a8da09e3893e3d45cc0dec3e09bad thumbnail-delivery
last-modified: Fri, 12 Aug 2022 01:25:20 UTC
server: envoy
etag: mwGji6mXXzBD9XXvhn28otISoU4=
vary: Origin
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: none
x-amz-cf-id: 8TocTgiPqL00PEpNtMqmRI5fxdFa_FIjWoX6cu1yd5TpgZKUqSzXXQ==

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
465 B 121ms
120ms XHR
application/json 54.144.37.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.144.37.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-37-180.compute-1.amazonaws.com

Software

Resource Hash

ca19d84b96dbe58c125291ceda4b9cfe9c884a1764677ce42a6da3d1cbba3a5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 14c80628e3120e4a503962a331fff310

GET
H2 200 modules.afe18b03a2724895a0ac.js Show response
script.hotjar.com/ 223 KB
55 KB 154ms
52ms Script
application/javascript 13.227.219.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.afe18b03a2724895a0ac.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-28.ams54.r.cloudfront.net

Software

Resource Hash

2511f97f0c01a302b753d9697deba3a0bc995f3ea0ec5ac7e9db919cdb7d44f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Fri, 15 Sep 2023 08:50:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 b911c551065b8f78ad33b4c4564141be.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 282427
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55728
last-modified: Fri, 15 Sep 2023 08:50:05 GMT
etag: "50b731696057a5c499ba8226c71b47ed"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: WF3IAtAY-pBoQ0Kh-smGUx8ZJw0LFUghXeOF3tCXw1lG7fAWm-7w7Q==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/ 36 B
367 B 305ms
197ms XHR
application/json 2600:9000:20eb:9000:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9000:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: gzip
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: accept-encoding
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: _g4z20DwerDSZEQjVz12OIu2KMl3qms6rKDL-ylOHiPJ_aL3WOrF1A==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&coo...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1695050233265%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fb...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&coo...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&co...

0
264 B

371ms
234ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cookiesTest=true&liSync=true&e_ipv6=AQKKM8LSv8bNKAAAAYqo3foc31BesJASVvJkIYy8_aYIErHoVWWugrhSCt-9OALu_MksR9A
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:14 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 850FA4AC955144BDBAA6F2F2CBFB2B17 Ref B: FRAEDGE1205 Ref C: 2023-09-18T15:17:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYFo6MeT0q/clruukCe2w==

Redirect headers

date: Mon, 18 Sep 2023 15:17:14 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 98D0816E49CC403D864E1B1BF623C005 Ref B: FRAEDGE1212 Ref C: 2023-09-18T15:17:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1695050233265&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cookiesTest=true&liSync=true&e_ipv6=AQKKM8LSv8bNKAAAAYqo3foc31BesJASVvJkIYy8_aYIErHoVWWugrhSCt-9OALu_MksR9A
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYFo6MY1k6vihSoAiQ6aQ==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/ 36 B
365 B 303ms
197ms XHR
application/json 2600:9000:20eb:9000:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3281745/domain/huntress.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9000:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: gzip
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: xDpIMmC2Pc1NsbXVjN6A556rOCrKLq7Wn1_fYgtUjpkZ1qodXrpPKA==

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
465 B 131ms
117ms XHR
application/json 54.144.37.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.144.37.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-37-180.compute-1.amazonaws.com

Software

Resource Hash

92d88b9e16931b83b2136b27fff224cb9a3c3f96b344b050b48c9c3fa66506db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 222d08fa004676908f03654b1b72715d

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1017 B 314ms
206ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Mon, 18 Sep 2023 15:17:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: d66fe34b-8635-4bb3-961b-a80097eb5418
x-envoy-upstream-service-time: 44
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d66fe34b-8635-4bb3-961b-a80097eb5418
Server: cloudflare
X-Trace: 2BF5FD8C0125D0A28B48C685319BC20AF5B21364AC000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-bgnx4
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 808a8df7cbe837fc-FRA

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame F728 320 KB
104 KB 40ms
39ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2359181
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Sep 2023 15:17:13 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BE)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 187059084 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 304ms
162ms Script
application/x-javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/187059084
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/187059084.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0e7eb744d9cada958cbc60dba14b941983ce201cf9ed8259d07bd4b70e36dd69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

expires: -1
date: Mon, 18 Sep 2023 15:17:13 GMT
x-azure-ref: 20230918T151713Z-31t4v1hf3h6wr5fmefdacx97ss000000082g00000000rnha
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 2182
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 133ms
132ms Stylesheet
text/css 18.193.29.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.29.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-29-230.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 756b599d8baf9e385cf3b71a5adfebe5adb47612febd4c8b1c2f5837f8530bbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 18 Sep 2023 15:17:13 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 221ms
131ms Fetch
image/jpeg 18.193.29.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.29.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-29-230.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 18 Sep 2023 15:17:13 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H3 200 cta-loaded.js Show response
www.huntress.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 223ms
222ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3911692&pg=9a647ae3-ff72-4027-9e81-f319760a7014&lt=1695050232766&dt=1695050232767&at=1695050233371&ae=1&an=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ea2817cf-01ee-4514-bf51-385104f637bc
x-envoy-upstream-service-time: 34
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ea2817cf-01ee-4514-bf51-385104f637bc
last-modified: Mon, 18 Sep 2023 15:17:13 GMT
server: cloudflare
x-trace: 2BF54CDCB5E3A83D567CE2CC3E0D4B457BCA81BD82000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rIMjOFl1%2BgFVc434gKwtohzpDPR43y%2FAdrNwIprkz7KsCSp79LAFtwcbggYvcG5ZaP5rpGu2Epstat%2BvredPidhFI%2FjhBu%2FXspWBq1G19YzgghNE3U0I6qAhm2TEartwgIUWCYb53eZwuVVLRvs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-bgnx4
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 808a8df6ac2e920e-FRA
x-robots-tag: noindex, follow

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 312ms
192ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Mon, 18 Sep 2023 15:17:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 048440ea-7c41-484f-b201-b7c9dea1f043
x-envoy-upstream-service-time: 19
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 048440ea-7c41-484f-b201-b7c9dea1f043
Last-Modified: Mon, 18 Sep 2023 15:17:13 GMT
Server: cloudflare
X-Trace: 2B0F58EC059510D11FA861617254477639C61C25BA000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-2dtzq
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 808a8df809fa1cc1-FRA

GET
H2 200 b0ad4e78-a5e5-4699-b82b-bfeb2af02de5.png
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/hub_generated/resized/ 92 KB
93 KB 1186ms
1095ms Image
image/png 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/hub_generated/resized/b0ad4e78-a5e5-4699-b82b-bfeb2af02de5.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 062d666beaf1dcb9e94721b47455c6de55b4aa4cc59b4a16de64383a74262ab3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:14 GMT
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-version-id: KlnrYeu3JkQSqub_pel_zd4hVyOs19iS
x-amz-cf-pop: FRA56-P7
x-amz-request-id: KYJ4CE3FJ0BSZJ4Q
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
content-length: 93962
x-amz-id-2: 1eLcs+h7GZRcbAmgQP9nkBewcNCPfC1ehr17ew15BEt7vFthH4d+ieObGs51FbF49OfOTZyM4dM=
last-modified: Thu, 14 Sep 2023 21:01:19 GMT
server: cloudflare
etag: "d290cf01ac382e943bcea8e6d081231d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 808a8df73ee82c55-FRA
x-amz-cf-id: rjbuzUhxXaR7pP_5KBjW3K3Js3lyxbm4b8DR9D4-B3hCNt7mhExk7A==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 280ms
181ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Mon, 18 Sep 2023 15:17:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 72c3a630-7440-4aa7-89aa-bff8aff2000e
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 72c3a630-7440-4aa7-89aa-bff8aff2000e
Last-Modified: Mon, 18 Sep 2023 15:17:13 GMT
Server: cloudflare
X-Trace: 2BA18FD22A2332FC0F86F3A57F09140864B0A10B1F000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-8hpn4
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 808a8df86b192bad-FRA

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
434 B 174ms
164ms XHR
application/json 2606:4700::6811:5a9a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5a9a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6b630655-108c-4059-aab1-0c5c6fbfbde2
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6b630655-108c-4059-aab1-0c5c6fbfbde2
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-6mr8p
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 808a8df6f90690da-FRA

GET
H2 200 settings Show response
syndication.twitter.com/ Frame F728 869 B
659 B 254ms
144ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=4c1c8b0ad98cfabfc4e2aac8f3b510ada3977719

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

x-response-time: 105
date: Mon, 18 Sep 2023 15:17:12 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Mon, 18 Sep 2023 15:17:13 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 91b47973c7176be4
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: ff90d52b73af59be85e9e6ab3d763f8b88a681dec97e606b782df0ad48444011
content-length: 337

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 140ms
44ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&rl=&if=false&ts=1695050233450&sw=1600&sh=1200&v=2.9.127&r=stable&ec=0&o=30&fbp=fb.1.1695050233447.1362793925&cs_est=true&it=1695050233138&coo=false&rqm=GET

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 18 Sep 2023 15:17:13 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
BLOB 200
OK fecfd5d3-bc5c-4887-9b03-c741d6754c6b
https://www.huntress.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.huntress.com/fecfd5d3-bc5c-4887-9b03-c741d6754c6b
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
311 B 148ms
146ms XHR
text/plain 18.193.29.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&t=Cleartext%20Shenanigans%3A%20Gifting%20User%20Passwords%20to%20Adversaries%20With%20NPPSPY&tip=tcbk1al131Qovhs6-GkZ_LyyHw83pbC2U9MsFzJBZ-M&host=https://www.huntress.com&sa_conv_data_css_value=%270-23274dc7-b2a5-5112-533c-a9899e314bea%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd923274dc7b2a55112533ca9899e314bea50ff0768&sa-user-id-v3=s%253AAQAKIPOUqYQv-xkHqmEcch57B1ccJLCW-dLtny8kgAXdsQ3TEHwYBCD506GoBjABOgSEo62DQgTftGoB.mT9nl7%252BMlOM3o%252Fwz%252BRWxArn%252BRy%252Bu1rSq%252BI7Xxl4wB7o&sa-user-id-v2=s%253AIydNx7KlURJTPKmJnjFL6lD_B2g.QogU%252FSc%252B8%252F45lvAdwqK1SCFKoY4jmYdAw21J8cXXDvk&sa-user-id=s%253A0-23274dc7-b2a5-5112-533c-a9899e314bea.GQ7yemrqXG31j2sGm4nnjOjYTMQuYzwietcKxoZzbQw
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.193.29.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-29-230.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a65d5029de63edbd0e5fae2126da85af8557be5af9082adb5e8f1cd3c081f120

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-origin: https://www.huntress.com
date: Mon, 18 Sep 2023 15:17:13 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 6si.min.js Show response
j.6sc.co/ 51 KB
15 KB 59ms
58ms Script
application/javascript 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Aug 2023 22:29:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64e7d9dd-cc38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14993
expires: Mon, 18 Sep 2023 15:17:13 GMT

GET
H2 204 2159185 Show response
vc.hotjar.io/sessions/ 0
258 B 147ms
58ms XHR
text/plain 18.239.36.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/2159185?s=0.25&r=0.1062704302060884
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.afe18b03a2724895a0ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-120.ams58.r.cloudfront.net
Software: Python/3.8 aiohttp/3.8.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
via: 1.1 cda23f0bbfe83784416efeada1ac1cf8.cloudfront.net (CloudFront)
server: Python/3.8 aiohttp/3.8.4
x-amz-cf-pop: AMS58-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: HHBRFj6pgV4T8mEP4NnZmrAMq5NFfRhjmfBhAw1AhYCWVGpYz0nBDQ==

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
625 B 241ms
194ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=4

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f6fc6a2a-577f-40c7-bb4b-8fb06c7df410
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f6fc6a2a-577f-40c7-bb4b-8fb06c7df410
server: cloudflare
x-trace: 2B55064C1E9DAD087E01A2DA1C8B3E0D023AB98597000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-tkh7m
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 808a8df9595a5caa-FRA

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 398ms
107ms XHR
application/json 63.32.22.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.afe18b03a2724895a0ac.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 63.32.22.194 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-22-194.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 5a576ec15b23aa50645676f64b2d3e30ee9d55893d95529f5a74579579f2f250

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 18 Sep 2023 15:17:14 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
573 B 290ms
78ms XHR
application/json 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:14 GMT
an-x-request-uuid: 83aafdab-4712-4bb4-afb9-406ef4d92a7e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 43ms
41ms XHR
text/html 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
310 B 252ms
42ms XHR
text/html 2a02:26f0:280:4::213:7861
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:280:4::213:7861 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8912320737e38147499c4a1e19c30ca5ba1bdc092378f86d6d18952ec1f61bd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:14 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.huntress.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::3
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1695050233866_34830177_639299753_12_574_72_139_219";dur=1
content-length: 19
expires: Mon, 18 Sep 2023 15:17:14 GMT

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 300ms
209ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 808a8dfa4fce9bb0-FRA
content-length: 0
content-type: application/octet-stream
date: Mon, 18 Sep 2023 15:17:14 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-wrchw
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: d8a9ea24-e4b7-44ae-ae8d-4f10abb447da
x-request-id: d8a9ea24-e4b7-44ae-ae8d-4f10abb447da

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
131 B 172ms
172ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Sep 2023 15:17:14 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9912cabf-4541-45b8-9794-418177f4c2bb
x-envoy-upstream-service-time: 24
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9912cabf-4541-45b8-9794-418177f4c2bb
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-wrchw
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 808a8dfb393c9bb0-FRA

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.10/ 57 KB
24 KB 167ms
166ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.10/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/187059084
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:13 GMT
content-encoding: br
last-modified: Tue, 05 Sep 2023 13:50:16 GMT
etag: W/"0x8DBAE170900AD3F"
vary: Accept-Encoding
x-azure-ref: 20230918T151713Z-31t4v1hf3h6wr5fmefdacx97ss000000082g00000000rnku
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 7beec115-601e-001d-0d5d-e52367000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
590 B 307ms
307ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d36e74c0-d9c4-4efc-915d-d26b26ccb881
x-envoy-upstream-service-time: 140
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d36e74c0-d9c4-4efc-915d-d26b26ccb881
server: cloudflare
x-trace: 2BC3D1FB78AA49E68A09AE3A1524DFB3B81E57919A000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6fhst
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 808a8dfa5adc5caa-FRA

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 2FEC 0
50 B 39ms
39ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.huntress.com
Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.huntress.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 18 Sep 2023 15:17:13 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 266ms
261ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=d4982970-cc7a-4525-808e-4583e643655f&session=7f4ad4f4-1fa6-4489-8339-87ae84a6ee45&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22e666a54d-ff29-48f9-9baa-2be6ac05412e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2018%20Sep%202023%2015%3A17%3A13%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20unravel%20an%20investigation%20that%20details%20one%20way%20threat%20actors%20are%20able%20to%20gather%20cleartext%20passwords%20via%20NPPSPY.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cleartext%20Shenanigans%3A%20Gifting%20User%20Passwords%20to%20Adversaries%20With%20NPPSPY%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&pageViewId=3ad8981b-67f4-4537-88c9-e6d0163ee0da&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:14 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 269ms
269ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=d4982970-cc7a-4525-808e-4583e643655f&session=7f4ad4f4-1fa6-4489-8339-87ae84a6ee45&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A3%22%7D&isIframe=false&m=%7B%22description%22%3A%22We%20unravel%20an%20investigation%20that%20details%20one%20way%20threat%20actors%20are%20able%20to%20gather%20cleartext%20passwords%20via%20NPPSPY.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Cleartext%20Shenanigans%3A%20Gifting%20User%20Passwords%20to%20Adversaries%20With%20NPPSPY%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&pageViewId=3ad8981b-67f4-4537-88c9-e6d0163ee0da&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:14 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
296 B 435ms
161ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Mon, 18 Sep 2023 15:17:14 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
296 B 650ms
397ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Mon, 18 Sep 2023 15:17:14 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 406ms
406ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 core Show response
rc-widget-frame.js.driftt.com/ Frame 9038 2 KB
1 KB 493ms
380ms Document
text/html 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1695050400000/5d3cypit2iz8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

14e6206b0b854f8eb373b1ccfbac42efdb97e1034de1355abb4ee81aa0672ec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Mon, 18 Sep 2023 15:17:15 GMT
etag: W/"6a5cea74d414ec151635bd2880abb1c3"
last-modified: Mon, 21 Aug 2023 14:57:03 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-id: G0PdCYq7crPnG6jL1EsIIHk3ekZh2x_-1Yv89JpOsDqdk6bYb5ecFg==
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: hIxJdEPbt_45OV8bTT9Ad1M7VE.ABA8G
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 19

GET
H2 200 playPauseLoadingControl.js Show response
fast.wistia.com/assets/external/ 79 KB
21 KB 122ms
41ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/playPauseLoadingControl.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

96bdbfc5920f60b62c1887eb76735c3780b77303ae572773a958e0d3cc2c7d26

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 768
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 21011
x-served-by: cache-iad-kcgs7200128-IAD, cache-fra-eddf8230052-FRA
x-browser-version: 117
last-modified: Fri, 15 Sep 2023 19:09:01 GMT
server: AmazonS3
x-timer: S1695050235.307471,VS0,VE0
etag: "540383ce0b78cd15a98de3f56f075662"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: cd1638917b5ef793221f03bd59c0c5f83924c8dc
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 54, 42

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
476 B 182ms
181ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3298999280&v=1.1&a=3911692&pi=81792409861&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cpi=81792409861&cgi=39343107504&lpi=81792409861&lvi=81792409861&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&t=Cleartext+Shenanigans%3A+Gifting+User+Passwords+to+Adversaries+With+NPPSPY&cts=1695050235228&vi=1b477f3c3fd464ce792c1652077d1aed&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e847982f-bced-4b77-ae2b-e90b0fa90aba
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 17
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e847982f-bced-4b77-ae2b-e90b0fa90aba
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBAhd7sIwdGNaEB8x%2B%2B0vyxSM2i3NnMw%2Bgc5BZ0rB%2B1tDFRfEquOfaXqwyjKyZWcUvIlZM7NQ3ySY%2FTO9AYy53CB9ISF14jBgi%2BonY2re9CmppuszrFPHOMT00SBhs95jEt9Kg22uCXZT6mC7UWK"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-p7d9d
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 808a8e024c0e3664-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
633 B 172ms
172ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7bd602c3-2854-4be3-9775-664693d200f7
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7bd602c3-2854-4be3-9775-664693d200f7
last-modified: Mon, 18 Sep 2023 15:17:15 GMT
server: cloudflare
x-trace: 2B4CCCA526EF9C97C53BA01784CECF9F4C5B21A6AF000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-fz7bv
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 808a8e024fd65caa-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
568 B 179ms
179ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=196be66c-f1bb-4156-af05-2952954526cd&fci=803c40cd-aa13-480f-a42e-60c1aa95f9b0&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3298999280&v=1.1&a=3911692&pi=81792409861&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cpi=81792409861&cgi=39343107504&lpi=81792409861&lvi=81792409861&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&t=Cleartext+Shenanigans%3A+Gifting+User+Passwords+to+Adversaries+With+NPPSPY&cts=1695050235229&vi=1b477f3c3fd464ce792c1652077d1aed&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: cecd594b-512d-466e-bce5-69f83e274e3d
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 3
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cecd594b-512d-466e-bce5-69f83e274e3d
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EjBgIw3yMjSbAO85j8JdIh0I9LouD%2BgyRTi%2Bw09NiewSx%2BmR9uHwgmcYIJ3qGSj1xUU6jvH9T0Aia5ZEmPhMUmRx3hMPL5t9MWi%2BWHfkPCc4NN0LWNfMfyopWE1ffgRr1at4%2FOOf1UzY0vACmyK1"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-c4jbk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 808a8e025c283664-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
630 B 164ms
163ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%229a647ae3-ff72-4027-9e81-f319760a7014%22%2C%22d7bfdc7b-6192-4355-a14d-1bc48f0a0508%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3298999280&v=1.1&a=3911692&pi=81792409861&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&cpi=81792409861&cgi=39343107504&lpi=81792409861&lvi=81792409861&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&t=Cleartext+Shenanigans%3A+Gifting+User+Passwords+to+Adversaries+With+NPPSPY&cts=1695050235231&vi=1b477f3c3fd464ce792c1652077d1aed&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2842fa31-7957-4cc5-ad94-7c6767353ba7
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2842fa31-7957-4cc5-ad94-7c6767353ba7
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQOPR2zpSl95Bbv5GDtX%2B2JPJh%2B%2FXZePIbiEoqR%2Bqj0byujXNO4aLiXScx3z2giqXll4cwlpESf0Yb3FM%2F2S1U5SYVrwBWPrkT2Mp90hAs4XR5UnGQKEJ1jpQswC%2FHLEuW4wy5bC4U1%2Fb7j4Ga%2FV"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-c27v2
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 808a8e025c2c3664-FRA
x-robots-tag: none

POST
H2 200 mput Show response
pipedream.wistia.com/ 2 B
329 B 224ms
132ms Fetch
text/plain 2600:9000:236e:9200:3:471f:5240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pipedream.wistia.com/mput?topic=metrics
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:9200:3:471f:5240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: envoy /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
server: envoy
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
content-type: text/plain; charset=utf-8
x-envoy-upstream-service-time: 1
content-length: 2
x-amz-cf-id: SO4UzDankMEOHjdqlpIxCcRMcvzfbPQJJ9eAqaimmq_wwsEd2R7vtw==

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=19F20FAD150D4844B5CF38AE7F3F35DA&RedC=c.clarity.ms&MXFR=1738D2C1C7266C8020A7C151C32662C6
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=19F20FAD150D4844B5CF38AE7F3F35DA&MUID=34D702ECD7896B6024D8117CD6256AF4

42 B
443 B

56ms
56ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=19F20FAD150D4844B5CF38AE7F3F35DA&MUID=34D702ECD7896B6024D8117CD6256AF4
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:14 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:14 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 19F72E38EB5F4F0DACE921D696262128 Ref B: FRA31EDGE0809 Ref C: 2023-09-18T15:17:15Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=19F20FAD150D4844B5CF38AE7F3F35DA&MUID=34D702ECD7896B6024D8117CD6256AF4
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 hls_video.js Show response
fast.wistia.com/assets/external/engines/ 473 KB
115 KB 91ms
40ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/engines/hls_video.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8a3343c417818542610c8c7ca20808de3f2cc1c71c960b1900ca186f11a15c32

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 651
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 117728
x-served-by: cache-iad-kcgs7200117-IAD, cache-fra-eddf8230052-FRA
x-browser-version: 117
last-modified: Fri, 15 Sep 2023 19:09:01 GMT
server: AmazonS3
x-timer: S1695050235.307487,VS0,VE0
etag: "1588bde24d952a346531c512d4690482"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: cd1638917b5ef793221f03bd59c0c5f83924c8dc
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 56, 28

POST
H2 204 x
distillery.wistia.com/ 0
0 235ms
120ms Fetch 216.137.44.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.137.44.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-216-137-44-115.lhr61.r.cloudfront.net
Software: envoy /
Resource Hash

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
via: 1.1 eee2eabf1d5db87be015bf39b123f234.cloudfront.net (CloudFront)
server: envoy
x-amz-cf-pop: LHR61-P2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
x-amz-cf-id: O7JCiKSqCqVsreGk-Rbj6doi97YthmGYjMq2EDQLDpco_5d0PDlFDg==

GET
H2 200 hgw5udjwka.m3u8 Show response
fast.wistia.com/embed/medias/ 935 B
1 KB 41ms
41ms XHR
application/x-mpegurl 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/medias/hgw5udjwka.m3u8

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/engines/hls_video.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

15c5ada025ff88fbc6b824d99a17454b5c8e0dfd501486df1b7da6c7b95d01e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
via: 1.1 f338f1f5c997eee01a37834445ee4740.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=0
x-permitted-cross-domain-policies: none
x-amz-cf-pop: IAD55-P2
age: 7725
x-cache: Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time: 42
content-length: 935
x-request-id: 53a2d492-18f6-410c-8796-3f17fb3f0060
x-served-by: cache-iad-kjyo7100158-IAD, cache-fra-eddf8230052-FRA
x-runtime: 0.041027
x-browser-version: 117
server: envoy
x-timer: S1695050235.481318,VS0,VE1
etag: W/"15c5ada025ff88fbc6b824d99a17454b"
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
content-type: application/x-mpegURL
access-control-allow-origin: *
cache-control: public, no-cache
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: v4fc9rwEuN7cy8cEhKqvU5gycPgvCr79oapEC4DlbCxGbz6VuCFYlQ==
x-cache-hits: 11, 1

GET
H2 200 blank.gif
fast.wistia.com/assets/images/ 1 KB
2 KB 40ms
40ms Image
image/gif 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/assets/images/blank.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 540
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 1214
x-served-by: cache-iad-kjyo7100021-IAD, cache-fra-eddf8230052-FRA
x-browser-version: 117
last-modified: Wed, 10 May 2023 19:48:54 GMT
server: AmazonS3
x-timer: S1695050235.488296,VS0,VE0
etag: "fbdc4ed9a1e2ee4917a265306927bcf1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 8271863, 27

GET
H2 200 e6fe2391663839c0707966cc3c1d013cfb4adc81.m3u8 Show response
embed-cloudfront.wistia.com/deliveries/ 1 KB
2 KB 158ms
45ms XHR
application/vnd.apple.mpegurl 2600:9000:21f3:f000:1e:c86:4140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cloudfront.wistia.com/deliveries/e6fe2391663839c0707966cc3c1d013cfb4adc81.m3u8
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/engines/hls_video.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:f000:1e:c86:4140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: envoy /
Resource Hash: 6b35fd0482ce53cc94653e0f3335b1fdaded34088cd41e4c66917ea610f5efae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 10:58:07 GMT
via: 1.1 1bf129b8787cf2e96d3bce725554e4d4.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: FRA2-C2
age: 15548
edge-cache-tag: e6fe2391663839c0707966cc3c1d013cfb4adc81-hls-segment
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 130
content-length: 1159
surrogate-key: e6fe2391663839c0707966cc3c1d013cfb4adc81-hls-segment
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
server: envoy
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
access-control-expose-headers: Server,range,Content-Length,Content-Range,x-cdn
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 9CnHP2OfUvYnRgT9c-kIUxoEs7uwzSyBK877iJYfJjwsz0Rh4WaU-A==
expires: Tue, 17 Sep 2024 10:58:07 GMT

GET
H2 200 seg-1-v1.ts Show response
embed-cloudfront.wistia.com/deliveries/e6fe2391663839c0707966cc3c1d013cfb4adc81.m3u8/ 59 KB
60 KB 50ms
49ms XHR
video/mp2t 2600:9000:21f3:f000:1e:c86:4140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cloudfront.wistia.com/deliveries/e6fe2391663839c0707966cc3c1d013cfb4adc81.m3u8/seg-1-v1.ts
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/engines/hls_video.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:f000:1e:c86:4140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: envoy /
Resource Hash: ef6b081116c1c51ef1eddcbde1f8c64b14e1ad07acdac9920e852ae97e321751

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Sun, 17 Sep 2023 12:49:52 GMT
via: 1.1 1bf129b8787cf2e96d3bce725554e4d4.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: FRA2-C2
age: 95243
edge-cache-tag: e6fe2391663839c0707966cc3c1d013cfb4adc81-hls-segment
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 62
content-length: 60536
surrogate-key: e6fe2391663839c0707966cc3c1d013cfb4adc81-hls-segment
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
server: envoy
content-type: video/MP2T
access-control-allow-origin: *
access-control-expose-headers: Server,range,Content-Length,Content-Range,x-cdn
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: AjX-usDIt58xMSSeMp3IWBz14iq10NamNlJ6w3I0NX3wMJjFRRPSjw==
expires: Mon, 16 Sep 2024 12:49:52 GMT

GET
H2 200 runtime~main.23dacaf3.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 6 KB
3 KB 175ms
174ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7573e5629fdd86c1b9715e81fd55e01c7cf7febbfc3562f5acbb757c0d4cce64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
x-amz-version-id: pIvWjpmnkFEOPFn4Wb5jKsJCJYLlBZpR
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Mon, 21 Aug 2023 14:57:27 GMT
server: istio-envoy
etag: W/"7bebf8444c728503329344c5817cc4e6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yu_44nMODoWIwJEXgh1p--2Ve-rsrHOr-wlZKp8NJ_dgVnGr1beqNA==

GET
H2 200 9.4a3e9801.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 35 KB
13 KB 383ms
382ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: RGGsnYkIKhnCZZiqmcvboqdk4rX4Gt0T
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 15 Sep 2023 20:51:08 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fkjFbnYWj1B-kUdqDRPIkREAkpVv3BZl3-LSwRGmLwPpfgm6Nyofdw==

GET
H2 200 main~493df0b3.91dc5a14.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 7 KB
3 KB 176ms
176ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/main~493df0b3.91dc5a14.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1ce5bbfddabe83a619dffbd897ac79e94ca961f04cf463583a421a22f5329938

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
Origin: https://rc-widget-frame.js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:15 GMT
x-amz-version-id: aQ8O6UMWsN.2o5G5k1LSH1svCMcNLzIM
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:27 GMT
server: istio-envoy
etag: W/"c11c9776fa434757756e10e6ded61c75"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ndI5610Wv4vWIeCkWTuU8v2XpuroeK-MfGIK5BYs3jldwg0HIHwfMA==

GET
H2 200 904a75506f421d869e1f22343c8c09879e5446ad.m3u8 Show response
embed-cloudfront.wistia.com/deliveries/ 1 KB
2 KB 43ms
42ms XHR
application/vnd.apple.mpegurl 2600:9000:21f3:f000:1e:c86:4140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-cloudfront.wistia.com/deliveries/904a75506f421d869e1f22343c8c09879e5446ad.m3u8
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/engines/hls_video.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:f000:1e:c86:4140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: envoy /
Resource Hash: 0c6e9024d6ff8951ace56439b4807a361b2743e428f61a2de91484cb2c8eea17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Sun, 17 Sep 2023 12:49:52 GMT
via: 1.1 1bf129b8787cf2e96d3bce725554e4d4.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: FRA2-C2
age: 95243
edge-cache-tag: 904a75506f421d869e1f22343c8c09879e5446ad-hls-segment
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 199
content-length: 1159
surrogate-key: 904a75506f421d869e1f22343c8c09879e5446ad-hls-segment
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
server: envoy
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
access-control-expose-headers: Server,range,Content-Length,Content-Range,x-cdn
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: evBOaclGDtb-wCDTaaaqm_IruRVF38HlS1pD91rjMsIuAOlISZrWzw==
expires: Mon, 16 Sep 2024 12:49:52 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 437ms
437ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 mput Show response
pipedream.wistia.com/ 2 B
328 B 132ms
131ms Fetch
text/plain 2600:9000:236e:9200:3:471f:5240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pipedream.wistia.com/mput?topic=metrics
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:9200:3:471f:5240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: envoy /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
server: envoy
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
content-type: text/plain; charset=utf-8
x-envoy-upstream-service-time: 1
content-length: 2
x-amz-cf-id: qPwkx1UZRcL2JJmt2TOgGWa7fomow78ldk5JZsdAVxvJJoeeHAXPEA==

GET
H2 200 allIntegrations.js Show response
fast.wistia.com/assets/external/ 23 KB
6 KB 40ms
40ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/allIntegrations.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e0a5df872acd477e9dc58fcae321903aacc4a9ae494ffd50a564d66b97d9f5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 718
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 5795
x-served-by: cache-iad-kjyo7100116-IAD, cache-fra-eddf8230052-FRA
x-browser-version: 117
last-modified: Fri, 15 Sep 2023 19:09:01 GMT
server: AmazonS3
x-timer: S1695050236.233288,VS0,VE0
etag: "6261d633f12fcf7c1c54c857a24abb83"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: cd1638917b5ef793221f03bd59c0c5f83924c8dc
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 45, 25

GET
H2 200 51.558be3c5.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 23 KB
8 KB 188ms
187ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: 72yfBPs9LQvdbd6RIZHJGbCmqsAlIciV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Fri, 15 Sep 2023 20:51:07 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: je28jeNT493GPXrZPZrneXaqV4VS-lLX1WIorcCBP4ldostON45oGw==

GET
H2 200 33.ae4de0a0.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 36 KB
10 KB 285ms
285ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: PUG2tPuHbg6UXU15H37d6Lifu.5b8Act
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"db0cd5b66c52523e10b87a0c8a2db182"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hPitiW-aCspxAkpz6eQiLFOb7dXCII5mdCvfRAcEVPpI1yl0TGQaTw==

GET
H2 200 22.6b9a301a.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 32 KB
11 KB 179ms
179ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: 7EcKE0v8gMrnLzdfJADqjgnIVx6NCRDv
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 15 Sep 2023 20:51:06 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lvxV3vjgg_zBptQrJyYCNTzApnWdb2qg9Gtx1wPY5LaTgRoNDmcjeA==

GET
H2 200 19.6f85b843.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 17 KB
6 KB 180ms
180ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: 8JD0w06aUN7LQuiocTdtSNf_R6r9xgiI
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 15 Sep 2023 20:51:06 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eGhtVrZABMHV0jh3lgaDTPWgm7CAOV3qoDeSNS-rZZojKGme9-dwmQ==

GET
H2 200 41.b4fc4de2.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 25 KB
8 KB 450ms
449ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: _5XuCoBvpwpe74IeYxrswbcOHbJC1Qsp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 15 Sep 2023 20:51:07 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EamtvCVcgEk6x-VcX4xlE7g9-op77EbvZO2neCEoOvWvyg3CRylfSw==

GET
H2 200 20.8c21ea18.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 74 KB
23 KB 268ms
267ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: uf9hh_fVPPNMADrPwd8uQJ4z2zrlngZk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 15 Sep 2023 20:51:06 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wQJXyPbYlrua7nkvcC_NGsNxrCjXolkBa1Kyzrmb1ne1gwiKCH0S9A==

GET
H2 200 27.3951aad8.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 66 KB
20 KB 201ms
200ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/27.3951aad8.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: PLRwkxTy0W_1o8rwzVQG6XR9UyxAvjNh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 42
last-modified: Sat, 02 Sep 2023 21:37:07 GMT
server: istio-envoy
etag: W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _u_lpOIHp7lCl3mzbHCJyt2oKnmO2RaYEZZvcuHnCBxuHvEh5eN96Q==

GET
H2 200 14.e24a6190.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 91 KB
28 KB 276ms
275ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: CKPumg.9ph.ZbNFCEgS_blv0AlpmDF8w
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 15 Sep 2023 20:51:06 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aMuQnhMKd7Bon-KFNewdeB-IK0rFgP2c1FLmaqS6gKX_nGlQyc4CDA==

GET
H2 200 11.639238ba.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 23 KB
7 KB 176ms
175ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: PipiODm4WhWzigBJrfwsWCO2Kvw028Yl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 15 Sep 2023 20:51:05 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ETUsgksLIDaDf0WcwnxhhtVLfSNfWcX5aDVm2yqsGvUyGwvIP2ZDEQ==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 62 KB
20 KB 378ms
377ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: hwQe5SCpqbYZWunq2olmGxMxL_VS99Ty
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 15 Sep 2023 20:51:06 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rlXbtaHtsuCs366AK2tNkqVrWZgUpj8wOeUT0kqkpRhwZBCOiA9Jlw==

GET
H2 200 49.f7274268.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 105 KB
34 KB 337ms
336ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: 4xY.Ovzonklt6IWOSQ1I9.Mt_Kt6GyjG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 15 Sep 2023 20:51:07 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ew0TpUUjt1LuYul3khxjZ3b7kd-ekIfDUpX_D4D4TuzoDtltcpQK7g==

GET
H2 200 40.31ef8dbf.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 12 KB
4 KB 231ms
230ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: CO6KjHHRPgP8ZEDL.m9WnbAEy_dP_KRy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 15 Sep 2023 20:51:07 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eLo2xecb4mShCANUXPMowwq3H9wj5EYrStqiLVqLGbKjlFArXxGAzg==

GET
H2 200 29.31d09948.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 13 KB
6 KB 401ms
400ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: WCU2aJfAKW2XsyZyw7eBPTIdjiFy9NsJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 15 Sep 2023 20:51:06 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kquf-50wJBMlCLUlX0Gs0NRZrQfhfSQOZF3XFwRUAHLBqTsncBNPPg==

GET
H2 200 21.b8c41db9.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 17 KB
7 KB 396ms
395ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: GNuNL2Q2wn0uTxHn_dsgPLktgeFAmwfm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 15 Sep 2023 20:51:06 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Pby2MiVREGAuRGM3kJsdsA1jFMQrFQlXxh3XciVoMkw7tbBjjUPmhA==

GET
H2 200 8.98b34517.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 31 KB
5 KB 222ms
222ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/8.98b34517.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

794dc30b5582c5b0c4a06c2e0776f6527a84c91d5f7abb9384e7588d0ab3a910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: iNKtCZtb69S5Xg2ti_W3KaKTIlBxoqLp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"82429fd1682dcb60e14996ad58a35a4f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wqQDoGgmjAiZaQKXOt9H09UBJvVMxQIbAZ3Hl9ZsrP7qT_orxcBnkw==

GET
H2 200 8.5fdda827.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 81 KB
25 KB 221ms
220ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/8.5fdda827.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e523f47c65c171a685ca8f1bb0c0c432f4d71104fa56e8f6163126ec908cc430

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: s5Gs7OuwDj2F26kpSyydH_032jxZE3YX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 21 Aug 2023 14:57:26 GMT
server: istio-envoy
etag: W/"f78079aaffe016efb8ec35b9fbb9f42f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6efiM5GZMoju3fw4SWjCpkY0xnHZJrmWv4jlgujv5gSgrNieIwadrQ==

GET
H2 200 16.22abfce0.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 24 B
695 B 218ms
218ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: c4DgpOLG3o8cHj1ozybA78qcDHSXvGo3
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
content-length: 24
last-modified: Fri, 15 Sep 2023 20:51:04 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fFNeg2NCbtwa63ube8eXFNjoXrkEyEjcQ6t2mXhQPe7xSaarx2G2Sw==

GET
H2 200 16.890a0911.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 91 KB
24 KB 496ms
496ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/16.890a0911.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

860c659e8836feb6a6b4fc4c9b7195e4ab0a04e4642473c0780ae554fbf6ffb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: 2cJi_0AtsucvWstmkbj3mO1t8SiuDMru
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"52b055a08e59141b8f7b7947c7d7ab69"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9CkGCaxlzGZ6u7Ntiiad7TU0M53jb_liP3noPyEOg7ZiRSKqHBddaA==

GET
H2 200 24.24e43c3b.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 50 KB
14 KB 320ms
320ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/24.24e43c3b.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

eb6ce397310855bbef74043afcdda989653ad7b7b385191e8c8d622eee74b367

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: J3Ynz_VL_Xe.kEj4VqPxsio5dIqXBI10
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"390d4b78f4c738295b7974aca941d031"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BCyavDXJ-zZolAGz17mZ-17kKzLgdQpCemSKs1MS6oAEixSw5hGsdQ==

GET
H2 200 17.413337a8.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 40 KB
13 KB 224ms
224ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/17.413337a8.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

10b977a814bd9ca3e018a07b6e1197c9a9fa89a27a2419158d22f41ab8a29508

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:16 GMT
x-amz-version-id: Ud1ylpzTdwt3qfnkRXUYob2T_ovQMI1N
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"4aea30e551ee7f04a564c0408c291306"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FJ_Fvm28ukKAeP0_JsibKLY_AYNZb9zlO8NrVGaSWG-0KIJPG16ZWA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 402ms
402ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 0.0b2ebd4a.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 9 KB
3 KB 177ms
177ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: 2kk5eEBHPrmxAo_tywKfarfF0OgJxU1g
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 15 Sep 2023 20:51:05 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7ElZ24pl5J9v121B2FWI8T1q0kjznJXMVuIElp0y_QL6pd0QrdYbKw==

GET
H2 200 4.07aa08a5.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 7 KB
2 KB 360ms
359ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/4.07aa08a5.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: wzblrhR8VgaZ91O5gq0aMSI2PU89S5cp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0hLM124Q9eplBw7aq3aVaihASEBKc_znlKTbkY9Yp_-xd7JAI5j1sg==

GET
H2 200 4.36582b8b.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 54 KB
15 KB 266ms
266ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/4.36582b8b.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6a6a06c6f8fb209f9e92af2bb5ed0c0d0e767211a1a92e631e1d0ce056488387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: aXK3nhxEmGQGmcWeEUpmTanxIifnp1mO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"eb4f4fdfa625f5036ae2538950af438e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vAaIW81YKAqpfHY77--IsM7sUVB3aWkKgZOzRH-AIoIqa4u6_FpgDg==

GET
H2 200 34.4924e4bf.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 27 KB
8 KB 196ms
196ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/34.4924e4bf.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

15736c00b563c558ec1e7d531c0d8bd7d8cc24c2026adbc2dcf0ccd3e48f7d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: T7ywXmlgZ2pn_NjEp3YMDrKgM16OYgwy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"2a9499a40949c70c9c00081b06639cb0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: apnI5fbcr000X2g3hCdJ2bxGtLHvp3v_lJ6krhTcoTceXjkT_0MUvw==

GET
H2 200 1.12ba17b6.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 44 KB
7 KB 390ms
389ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: 1UMfqC7NIybnz8eHuK1TZRvpRp4xlZJU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 15 Sep 2023 20:51:03 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CEHFJxrJ7OLFR9XkyIamtw10wSQOdUJ09wfC0xTGV1WWNp5Gq1SHNA==

GET
H2 200 1.9d9c8c3b.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 54 KB
18 KB 183ms
183ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/1.9d9c8c3b.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e4e01da0230734413d39e4657ac95b4ccf45092ff61a162aa1f4d111a166735

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: TN5uaySIype7BWdOQeU5pFJLqRV.3qiK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Mon, 21 Aug 2023 14:57:24 GMT
server: istio-envoy
etag: W/"bc8dde7d353b792cb424661adcff29fb"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -h8hRlhkNVvhWqH45lnyfmkjmnBdseHuNUdnxYKuZpJTeuivlwU1vQ==

GET
H2 200 3.bbe0e1fa.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 24 KB
10 KB 174ms
173ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/3.bbe0e1fa.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ba3035c1cbfbd4ebb878f85acde3d846c6e9e90081de78ddcaf3126b4e8823b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: pHxDHN0IINa0RNuxMPvQ8pBn4Eg1GWSc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"b394f9cf6fe473cdb6852b332234aa52"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Z9WAY4z3H1y2_d3ah_t9xD2iHcD4cCOTTqh-_SjeaxaHbp2xJpKYPw==

GET
H2 200 26.5208cc6b.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 11 KB
3 KB 362ms
361ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/26.5208cc6b.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

0591af742c10a8ad2020502cccbf97cb4fc1cfc48acaf588043d70e77b2c3aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: SrCjVsE3413g5wEL9F8CX8IFIQaqzFVz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"0842e637a23acc114afbb6195c984564"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Pyu1S5ODuN43QXAsKKCFgjAeB1XEYuC-yle0T64xMiLSoNnznHseKA==

GET
H2 200 26.69219246.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 16 KB
6 KB 276ms
276ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/26.69219246.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d674a115404e8d29a650437584421bd9d7ec57c4d43fe3e0a09adc080d521c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: xHgUeRJlJNXFuOCOFJ6VHVB_xDcgAWBV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"c41c7243f45ea540e99a3256f4942432"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ULt6VqcxuZdVNybuVAZxR4AFcTeIhRSGVyDateCgF-AO3RB5euI65g==

GET
H2 200 25.7addeee7.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 9 KB
2 KB 176ms
176ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/25.7addeee7.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a7a9292edd72228ac6b7839b6e29a832ab45515a5c78d548ccd5fd8a2b1942ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: EFJHE_lMh.tvaT0GqPW.1ROLceWNBRoz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"b9011653b355d04d18b2ff93e45e1ecd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _JQIDkjitR58J6W8-Oh49Mn-dowWhm3eVrYpiidOtxZnVyJdFyKq5A==

GET
H2 200 25.915ff314.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 47 KB
15 KB 340ms
339ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/25.915ff314.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e5149bac0cdad7bbd9d1b7badb88909929d324ee90b6dd1628e0c59024d68e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: qod1m4nnLfUgaMaxljkZuFfY2SywXHfx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"12bceaba2da6c30ab2a0aacbde681b0c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2g4EEVekUU9OlYVMPzwSd0gj6EOXmvZbqzE4lyTcjI-uy276tFMK6g==

GET
H2 200 28.e29661b2.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 561 B
1 KB 223ms
223ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/28.e29661b2.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d04196ec92f307c66ad56e3adbd4536e6c504a251299183c2c016de66a65af39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: yOY99EI9PDEu6PYQSPkvCce7eoR8ev5W
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 26
content-length: 561
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: "5847d5731c3141aa511411d6c66a193c"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QmIN3bl6nfQzkYbS7nwdfhlzzR8WnDGgNovjPPAaAR-rMsdFKob1qw==

GET
H2 200 28.7257241a.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 49 KB
14 KB 556ms
556ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/28.7257241a.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f4d1dc5e2bebcc6c035e733b5586f308c032e377d490d733835fbc1fb0e5d979

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: Aw7E9DaiC.0zygWe8D.HQj28dALSaXA6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 53
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"e737f53b0791dac4c523770b4992131c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HFoSGbbwZkfcIKRyknkmX4cMKe2f-2kpuh7IHp-_XFmxyuPt2Lk8gQ==

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
296 B 127ms
126ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Mon, 18 Sep 2023 15:17:17 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 35.3cdf48ae.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 9038 16 KB
3 KB 175ms
175ms Stylesheet
text/css 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/css/35.3cdf48ae.chunk.css

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1650436b42349eba90400162f9104f8abd0e8b846cf91d26c907c300dd8d7f85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: V1yopT2bXZUj.CNczvGqS7_vfWAIiP2A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 21 Aug 2023 14:57:23 GMT
server: istio-envoy
etag: W/"ac16e52f547ce8f3de32d9d7d591c2c0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DdQw2jlkktc4-I-o0w0g7eC3Xskc9azSBqCcSfJuV5SOpTFBNeZRkA==

GET
H2 200 35.3969a3d7.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 11 KB
5 KB 276ms
275ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/35.3969a3d7.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ca38f2df2a3be653605830a05931aeac85fbd1c3fa2e483a334fdc25e3463503

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:17 GMT
x-amz-version-id: _L8fRFK5jC3YnnGaFitzP.KBJ4MXVS_2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Mon, 21 Aug 2023 14:57:25 GMT
server: istio-envoy
etag: W/"dcd622adceee29d53432ca3f6e9eb777"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xGP6CZYKzJukosWhyi58lcyuljn1raoLHD_hV6sTFq4-wE6IwHKu6Q==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 47ms
46ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-GCTMBVFESS&gtm=45je39d0&_p=1893531742&gcs=G100&gdid=dZTQ1Zm&cid=2024779915.1695050233&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1695050232&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy&dt=Cleartext%20Shenanigans%3A%20Gifting%20User%20Passwords%20to%20Adversaries%20With%20NPPSPY&en=scroll&epn.percent_scrolled=90&_et=8
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Sep 2023 15:17:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 9038 147 B
588 B 409ms
123ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

3a7b10355308a78d0d91024dd892e2aae37062eec786d837c5cf4951ac903a6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 18 Sep 2023 15:17:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: f59d16f5d485ea40
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 147

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 342ms
342ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:18 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 v2 Show response
customer.api.drift.com/integrations/hubspot/utk/ Frame 9038 2 B
64 B 190ms
189ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Sep 2023 15:17:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: c9c263bff00be0e9
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 70
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2

OPTIONS
H2 200 v2
customer.api.drift.com/integrations/hubspot/utk/ Frame 0
0 150ms
120ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://rc-widget-frame.js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 18 Sep 2023 15:17:18 GMT
requestid: drifta4edb52437e9a23a29c2c12e7e0
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 9038 25 B
87 B 165ms
135ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 18 Sep 2023 15:17:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 204aecab0e155c0
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 9038 8 KB
4 KB 243ms
243ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

ce608692ed38d31a2474338d1e081173c854c375ad49814f24556b5614a45aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 18 Sep 2023 15:17:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: e4796058b2116e7
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 124
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 3686

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 268ms
268ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:19 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 track
event.api.drift.com/ Frame 9038 674 B
737 B 161ms
161ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://rc-widget-frame.js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTQ5MjY4MzIwOSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjUwOTI4MDQiLCJleHAiOjE3MjY2NzI2MzgsImlhdCI6MTY5NTA1MDIzOH0.u_s-yuILjota4y8YAzwKkE74mS5WM9GcLqesVlS2I0WNNiGDebXqecoNpKzfhki1UWnbBkkn6oWXHTji17OPnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Sep 2023 15:17:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 8660d50fe66a6e4b
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 42
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 674

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 162ms
120ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://rc-widget-frame.js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 18 Sep 2023 15:17:19 GMT
requestid: drift211f7b14217a613260bd2902ea6
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

GET
H2 200 57.28dde8ce.chunk.js Show response
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 9038 19 KB
7 KB 172ms
172ms Script
application/javascript 13.32.110.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.80 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-80.vie50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=ea75c8cc-d526-4e4d-89fe-f29729f9d826&sessionStarted=1695050235.199&campaignRefreshToken=39f1047d-bf15-46ff-9589-b518401029fa&pageLoadStartTime=1695050232071&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fcleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Mon, 18 Sep 2023 15:17:19 GMT
x-amz-version-id: AVhfAgum9UT7aSCN4.iXNq39tZCWvhQb
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 15 Sep 2023 20:51:07 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YrEwDWViydHwrTgClYIoCqVs4XjsUz9ogTgwV-kLkevU4Up7H2GmJg==

GET memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame 9038 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: js.driftt.com
URL: https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Verdicts & Comments Add Verdict or Comment

188 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

64 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.huntress.com/	1970-01-20 14:50:52	Name: __cf_bm Value: mlmdzPG7VycpRR96xv06BKZgquAlv_q2paHWZCG_5iM-1695050232-0-AUlf/1bln8sf+KSXkBaH0M3dON3Wc6q/7TI61ThTa0FfDGbxRDQlX3R/hs7jVgrYb0b6RPpM4hcEyCU/j6r/+m0=
.www.huntress.com/	1969-12-31 23:59:59	Name: __cfruid Value: 448552fdc50c262839177491ebb42d743835b210-1695050232
.huntress.com/	1970-01-20 14:50:52	Name: _sp_ses.1564 Value: *
.huntress.com/	1970-01-21 00:26:50	Name: _sp_id.1564 Value: 5e2c7650-ae1b-47da-b61f-7d3b2047b7f4.1695050233.1.1695050233.1695050233.27e20079-87cf-4ca4-ae18-1f84abdb1322
.huntress.com/	1970-01-20 23:37:52	Name: _vwo_uuid_v2 Value: D3E9A1812F28A8613613E078AAE60E93B\|74343d77744ccf0050c2e93b85e6392b
.hubspot.com/	1970-01-20 14:50:52	Name: __cf_bm Value: 300MhdlDMrXqhKUC2PQH_5a3RjAMR4qhj9I02JbyxSA-1695050232-0-AQVa3b37VfQ2DgfnATmbNcFhbZDSxrBx6xz9LgFfIQ922VjnT8aEtdL+mebUTIc9qpfC/d+zPBX5NoBTZKE7RKY=
.techtarget.com/	1970-01-20 14:50:52	Name: __cf_bm Value: ZM3msKW3.t8t6iGmX_R2y.dpv.m.0t3EOK8d.SgFT7M-1695050232-0-AY7kGQu5Svdi370xiy8VUnxhrDdSJ8D3ELi/BffWdpyPvC60kZJGIJ9OYMSjYvqO98YDFGSr8pUPWRUiaxghzAo=
tracking.g2crowd.com/	1970-01-20 15:10:59	Name: _session_id Value: 83ed0a7c1adf82f6d22f4a16e13cf6a9
.g2crowd.com/	1970-01-20 14:50:52	Name: __cf_bm Value: wyUoQEuDY.wNjopc0ApOLXXfLLlGY58Bom0xC4Pd7N4-1695050233-0-ARuKf2mkaQfKoc27k1TH5vIh+TmP4rsFARDDXl8c2d1lHy6EbaEB8IiaY9LKAbiHAiFuh9PLnBQdQprPS8UH5SU=
.huntress.com/	1970-01-20 14:52:16	Name: _uetsid Value: 71b79350563611eeadc611a803b267b5
.huntress.com/	1970-01-21 00:12:26	Name: _uetvid Value: 71b7e280563611eebf7fcd8103f69732
.huntress.com/	1970-01-20 17:00:26	Name: _rdt_uuid Value: 1695050233121.0a0da1b1-2a5b-42ff-b8ae-06932b235878
.ws.zoominfo.com/	1970-01-20 23:36:26	Name: visitorId Value: 364f8bc1f9cf0f5d25987c12caf61f3f3b1d880388b8dddc39679f99d0a0deb7
.zoominfo.com/	1970-01-20 14:50:52	Name: __cf_bm Value: Sy6igVTOhQZScpXQGPUPmm6J5o.MLrFs.bETHloB2MQ-1695050233-0-Ac6bIz6sNVOJZ903ChoK7LYVUgTAjyxvdH+xcGDn7ypMwRnDKFDOLdyz872cZEmd/v7Hsx6gzyIfwm0XAs+05zE=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: duBvE2c.o7rGJVJKMk1oJPVs7QHr9o_gnzLc.vneCHg-1695050233164-0-604800000
.bing.com/	1970-01-21 00:12:26	Name: MUID Value: 34D702ECD7896B6024D8117CD6256AF4
tags.srv.stackadapt.com/	1970-01-20 23:36:26	Name: sa-user-id Value: s%3A0-23274dc7-b2a5-5112-533c-a9899e314bea.GQ7yemrqXG31j2sGm4nnjOjYTMQuYzwietcKxoZzbQw
.srv.stackadapt.com/	1970-01-20 23:36:26	Name: sa-user-id Value: s%3A0-23274dc7-b2a5-5112-533c-a9899e314bea.GQ7yemrqXG31j2sGm4nnjOjYTMQuYzwietcKxoZzbQw
tags.srv.stackadapt.com/	1970-01-20 23:36:26	Name: sa-user-id-v2 Value: s%3AIydNx7KlURJTPKmJnjFL6lD_B2g.QogU%2FSc%2B8%2F45lvAdwqK1SCFKoY4jmYdAw21J8cXXDvk
.srv.stackadapt.com/	1970-01-20 23:36:26	Name: sa-user-id-v2 Value: s%3AIydNx7KlURJTPKmJnjFL6lD_B2g.QogU%2FSc%2B8%2F45lvAdwqK1SCFKoY4jmYdAw21J8cXXDvk
tags.srv.stackadapt.com/	1970-01-20 23:36:26	Name: sa-user-id-v3 Value: s%3AAQAKIPOUqYQv-xkHqmEcch57B1ccJLCW-dLtny8kgAXdsQ3TEHwYBCD506GoBjABOgSEo62DQgTftGoB.mT9nl7%2BMlOM3o%2Fwz%2BRWxArn%2BRy%2Bu1rSq%2BI7Xxl4wB7o
.srv.stackadapt.com/	1970-01-20 23:36:26	Name: sa-user-id-v3 Value: s%3AAQAKIPOUqYQv-xkHqmEcch57B1ccJLCW-dLtny8kgAXdsQ3TEHwYBCD506GoBjABOgSEo62DQgTftGoB.mT9nl7%2BMlOM3o%2Fwz%2BRWxArn%2BRy%2Bu1rSq%2BI7Xxl4wB7o
www.huntress.com/	1970-01-20 15:00:55	Name: slireg Value: https://scout.us4.salesloft.com
www.huntress.com/	1970-01-20 23:36:26	Name: sa-user-id Value: s%253A0-23274dc7-b2a5-5112-533c-a9899e314bea.GQ7yemrqXG31j2sGm4nnjOjYTMQuYzwietcKxoZzbQw
www.huntress.com/	1970-01-20 23:36:26	Name: sa-user-id-v2 Value: s%253AIydNx7KlURJTPKmJnjFL6lD_B2g.QogU%252FSc%252B8%252F45lvAdwqK1SCFKoY4jmYdAw21J8cXXDvk
www.huntress.com/	1970-01-20 23:36:26	Name: sa-user-id-v3 Value: s%253AAQAKIPOUqYQv-xkHqmEcch57B1ccJLCW-dLtny8kgAXdsQ3TEHwYBCD506GoBjABOgSEo62DQgTftGoB.mT9nl7%252BMlOM3o%252Fwz%252BRWxArn%252BRy%252Bu1rSq%252BI7Xxl4wB7o
www.huntress.com/	1970-01-20 23:36:26	Name: slirequested Value: true
www.huntress.com/	1970-01-20 23:36:26	Name: sliguid Value: fb6be3da-648e-4ec6-a023-6d5d02d0720b
.t.co/	1970-01-21 00:26:50	Name: muc_ads Value: fb2dcf84-9377-4461-83ac-076afa661f6f
.huntress.com/	1970-01-20 17:00:26	Name: _fbp Value: fb.1.1695050233447.1362793925
.twitter.com/	1970-01-21 00:26:50	Name: guest_id_marketing Value: v1%3A169505023337491293
.twitter.com/	1970-01-21 00:26:50	Name: guest_id_ads Value: v1%3A169505023337491293
.twitter.com/	1970-01-21 00:26:50	Name: personalization_id Value: "v1_Uljv3n+5TI0v/Ld6lB7z9w=="
.twitter.com/	1970-01-21 00:26:50	Name: guest_id Value: v1%3A169505023337491293
.huntress.com/	1970-01-20 23:36:26	Name: _hjSessionUser_2159185 Value: eyJpZCI6IjQxMjhjNjllLWIwZWEtNWQzMC1iYjE3LTAxNjFkMWQwYTU5NiIsImNyZWF0ZWQiOjE2OTUwNTAyMzM2MTgsImV4aXN0aW5nIjpmYWxzZX0=
.huntress.com/	1970-01-20 14:50:52	Name: _hjFirstSeen Value: 1
.huntress.com/	1970-01-20 14:50:50	Name: _hjIncludedInSessionSample_2159185 Value: 1
.huntress.com/	1970-01-20 14:50:52	Name: _hjSession_2159185 Value: eyJpZCI6IjFlNWQ5NGQ4LTJkZTctNGJlNC04MTk2LTc0Mjg4M2UzODk1NiIsImNyZWF0ZWQiOjE2OTUwNTAyMzM2MjIsImluU2FtcGxlIjp0cnVlfQ==
.huntress.com/	1970-01-20 14:50:52	Name: _hjAbsoluteSessionInProgress Value: 1
.bidagent.xad.com/	1970-01-20 15:34:02	Name: xad-uid Value: ZmE4M2RhYTQtNWQwNy00ZDBlLTg4MTgtZGZiMGVjNDM3Y2Nh
www.huntress.com/	1970-01-20 14:52:16	Name: ln_or Value: eyIzMjgxNzQ1IjoiZCJ9
www.clarity.ms/	1970-01-20 23:36:26	Name: CLID Value: 14fedcb696d94c77b41d46aa8983e2d7.20230918.20240917
.linkedin.com/	1970-01-20 17:00:26	Name: li_sugr Value: a5462ef6-2673-47db-88a5-466e1864c16a
.linkedin.com/	1970-01-20 23:36:26	Name: bcookie Value: "v=2&1214d8e6-6adb-475c-841a-fa90bbabe2ad"
.linkedin.com/	1970-01-20 14:52:16	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=2996:u=1:x=1:i=1695050233:t=1695136633:v=2:sig=AQHz8rIvGrVmznhhhIqW4h0ktjebjgot"
.huntress.com/	1970-01-20 23:36:26	Name: _clck Value: 702dfy\|2\|ff4\|0\|1356
.linkedin.com/	1970-01-20 15:34:02	Name: UserMatchHistory Value: AQLcbb964kB-IQAAAYqo3fg7qMC2xFVQUbetOtJLtbe8RgXp-WnPYjlCi5YNFt2IBgzmGUovQf0JAw
.linkedin.com/	1970-01-20 15:34:02	Name: AnalyticsSyncHistory Value: AQJIWg8IcqQhwwAAAYqo3fg7bmtwgwK5yBX16VUJkyX3s-sqpOZk86iDuSfeuKiLDASrkSNkkmG-6_-bpVgqTg
www.huntress.com/	1970-01-21 00:26:50	Name: _gd_visitor Value: d4982970-cc7a-4525-808e-4583e643655f
www.huntress.com/	1970-01-20 14:51:04	Name: _gd_session Value: 7f4ad4f4-1fa6-4489-8339-87ae84a6ee45
www.huntress.com/	1970-01-20 15:00:55	Name: _an_uid Value: 0
.www.linkedin.com/	1970-01-20 23:36:26	Name: bscookie Value: "v=1&2023091815171455923fb5-59a6-464e-8541-535d6dd4170eAQH1kczjV-IpJZCdGOBGC19L3d6cAIPt"
.linkedin.com/	1970-01-20 19:10:02	Name: li_gc Value: MTswOzE2OTUwNTAyMzQ7MjswMjHIEF5u5Ju+/2xK1FnLzvIWtsfkWVEf0XzLC4qZpUYHYQ==
.6sc.co/	1970-01-21 00:26:50	Name: 6suuid Value: b4641102444a1c00fa6908651e010000ca00d400
.huntress.com/	1970-01-20 14:52:16	Name: _clsk Value: 1dg44yk\|1695050234540\|1\|1\|p.clarity.ms/collect
www.huntress.com/	1970-01-20 14:50:52	Name: drift_campaign_refresh Value: 39f1047d-bf15-46ff-9589-b518401029fa
.c.bing.com/	1970-01-20 15:00:55	Name: MR Value: 0
.c.bing.com/	1970-01-21 00:12:26	Name: SRM_B Value: 34D702ECD7896B6024D8117CD6256AF4
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 00:12:26	Name: MUID Value: 34D702ECD7896B6024D8117CD6256AF4
.c.clarity.ms/	1970-01-20 15:00:55	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 14:50:50	Name: ANONCHK Value: 0
www.huntress.com/	1970-01-21 00:26:50	Name: drift_aid Value: cef266b9-8d43-4390-8f51-21e1fd5a95a6
www.huntress.com/	1970-01-21 00:26:50	Name: driftt_aid Value: cef266b9-8d43-4390-8f51-21e1fd5a95a6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3911692.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
bat.bing.com
bidagent.xad.com
bootstrap.api.drift.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn.linkedin.oribi.io
cdn.metadata.io
cdn2.hubspot.net
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
content.hotjar.io
cta-service-cms2.hubspot.com
customer.api.drift.com
dev.visualwebsiteoptimizer.com
distillery.wistia.com
embed-cloudfront.wistia.com
embed-ssl.wistia.com
event.api.drift.com
fast.wistia.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
metrics.api.drift.com
no-cache.hubspot.com
p.clarity.ms
pagead2.googlesyndication.com
perf.hsforms.com
pipedream.wistia.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
rc-widget-frame.js.driftt.com
region1.google-analytics.com
s7.addthis.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
syndication.twitter.com
t.co
tags.srv.stackadapt.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
vc.hotjar.io
webhooks.fivetran.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.huntress.com
www.linkedin.com
www.redditstatic.com
js.driftt.com
104.244.42.133
104.244.42.136
104.244.42.67
13.107.42.14
13.227.219.28
13.32.110.80
146.75.120.157
151.101.193.140
18.193.29.230
18.239.36.120
18.244.28.107
18.66.97.53
185.89.211.84
2.17.100.184
20.122.63.128
2001:4860:4802:32::36
216.137.44.115
23.215.20.4
2600:9000:20eb:9000:2:53b2:240:93a1
2600:9000:21f3:ba00:1e:c86:4140:93a1
2600:9000:21f3:f000:1e:c86:4140:93a1
2600:9000:236e:9200:3:471f:5240:93a1
2600:9000:2611:cc00:9:d7d4:1380:93a1
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67e4
2606:4700:4400::ac40:90e1
2606:4700:4400::ac40:9284
2606:4700:4400::ac40:973c
2606:4700:4400::ac40:991b
2606:4700::6810:4dba
2606:4700::6810:5714
2606:4700::6810:6ed1
2606:4700::6810:880f
2606:4700::6810:e05d
2606:4700::6811:180e
2606:4700::6811:4341
2606:4700::6811:5a9a
2606:4700::6811:e6a3
2606:4700::6812:7a0c
2606:4700::6812:a07d
2606:4700::6812:c07d
2606:4700::6813:9a53
2620:1ec:21::14
2620:1ec:46::45
2620:1ec:c11::200
2a00:1450:4001:80f::200e
2a00:1450:4001:830::2002
2a00:1450:4001:831::2008
2a02:26f0:280:4::213:7861
2a02:26f0:3500:16::215:149b
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:400::396
2a04:4e42:400::644
2a04:4e42:400::649
3.94.218.138
34.111.208.231
34.159.227.151
34.96.102.137
54.144.37.180
54.146.203.247
63.32.22.194
68.219.88.97
015f37ba3efc7959978d0b6c056cf021ef168e67da1b6c4edcde03958c3783cb
026c249acda71b64fe2510542d88ae26073694f89b595b1fd0e9f3ad501bf6b4
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0591af742c10a8ad2020502cccbf97cb4fc1cfc48acaf588043d70e77b2c3aaf
062d666beaf1dcb9e94721b47455c6de55b4aa4cc59b4a16de64383a74262ab3
0b5018e12454c16a3fc8ed8943845042f295636863515c4d480578ef9fc0bb0a
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c6e9024d6ff8951ace56439b4807a361b2743e428f61a2de91484cb2c8eea17
0e7eb744d9cada958cbc60dba14b941983ce201cf9ed8259d07bd4b70e36dd69
10b977a814bd9ca3e018a07b6e1197c9a9fa89a27a2419158d22f41ab8a29508
11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868
14e6206b0b854f8eb373b1ccfbac42efdb97e1034de1355abb4ee81aa0672ec2
15736c00b563c558ec1e7d531c0d8bd7d8cc24c2026adbc2dcf0ccd3e48f7d65
15c5ada025ff88fbc6b824d99a17454b5c8e0dfd501486df1b7da6c7b95d01e0
160481cd92237198c50e8eaba0b214f4974484377dfe3baf331b26c4fa340922
1650436b42349eba90400162f9104f8abd0e8b846cf91d26c907c300dd8d7f85
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb
1ce5bbfddabe83a619dffbd897ac79e94ca961f04cf463583a421a22f5329938
1cf9379ed37aff937075a246864c8a3c8a8f9071e661289c0df831454d031aaa
1d4548c03b28521204ab490e46b39179b8fa196998d45215a24602306b662ab5
1db6b123f97b64be2a35c607c2d290818cea4f045f157b7499d1e57797b52f66
23e985d081d9f85f9ee808c3a174c485be993fb2b3d3182ca9f729f6cc0e6da1
24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844
2511f97f0c01a302b753d9697deba3a0bc995f3ea0ec5ac7e9db919cdb7d44f5
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
2687a401b63f6c7554a4cb3f6b45600db33daa02e47e6e70b6407f56f49c8e46
26af4e642cf1bc9baf695502fb0fa2c54c94531002aafb9716c071b45d68f7e8
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e2e6c370c979a507b7de1b2b5326c7f60298db2106d2b2c955935f8149e48ce
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3a7b10355308a78d0d91024dd892e2aae37062eec786d837c5cf4951ac903a6b
3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4
3b5765cdf7d4f072406ef5bfeecee9b32bff67188fd51806fdb3e33dd947d083
3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3f45ea05ba8826264b51a52408a28c126b053adbe8520def78af91a148594ff5
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2
423c954159de258117619e1a7617772fbc5a6910bee7ccf2966dda821d0cd510
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4e749e542920c472fb1236b637be9c888e523748567a8373a1c406aec9abb12b
4e97e5c7e3a36777468cb362523ee4c670cdb239897551cbb8fbf390d71858d4
55162e9b494d9fc1831ba6a83f207a1ff6d85c052d821ad30d78baf212930cf0
558979f57321b92691fa5d479ae380773ae5d9dffd5f8bcaddc4525ea361f0a9
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57c4b7673e3943ec077f8026c6905ae8cb5b552675fb183b480b69f58b33fde1
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5a576ec15b23aa50645676f64b2d3e30ee9d55893d95529f5a74579579f2f250
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e4e01da0230734413d39e4657ac95b4ccf45092ff61a162aa1f4d111a166735
646e089067f8b1512a750b28610b468451cc4a7343aecb3bcaac77fd1f1f4084
66386f527eec5f5df25a2cdf590236d3ff5e728721a7ed6b22362f93f1ef0421
66e58d37cc4b8168a1bd6678e085b43e939eb138fe608b7faffe3b1ba76b0c7b
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
6a6a06c6f8fb209f9e92af2bb5ed0c0d0e767211a1a92e631e1d0ce056488387
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b35fd0482ce53cc94653e0f3335b1fdaded34088cd41e4c66917ea610f5efae
6c3843f5ff1686c13c58f9ce11922ae422e2884eff7e01291b47da7522955de6
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
70e4523c4042427c12a9c72ce6c27695bf6d13c0065819eac9468f636e2ed54b
731159bbdd31296db969bd3049f07f7301568ff8d2b58b99b7608e0d31cef29c
756b599d8baf9e385cf3b71a5adfebe5adb47612febd4c8b1c2f5837f8530bbc
7573e5629fdd86c1b9715e81fd55e01c7cf7febbfc3562f5acbb757c0d4cce64
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
794dc30b5582c5b0c4a06c2e0776f6527a84c91d5f7abb9384e7588d0ab3a910
79bb1b80606f5282fa20cea179f7c7f619eb1848b1d550a9e13857477cd1c38e
7b1960b5a73e4b954b9de3c1e950a7cff3f6b0d346f4528c511621b14a8b491c
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
819c86c5f98c0bbbc51c296df8c5528e4a02c3438c8da3d84f75b585e67851cd
82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
860c659e8836feb6a6b4fc4c9b7195e4ab0a04e4642473c0780ae554fbf6ffb2
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
874bcfef97e339da8ad8cb8c0560ff77ce2f04b6603b15f3b5a5d822fc57fbab
88587379198cff270a834119c612eb333b757dbac05c62276491c7ca5eed141e
8912320737e38147499c4a1e19c30ca5ba1bdc092378f86d6d18952ec1f61bd7
896ec2a677639c5ec7f77c8e61f7ee0ad0d0ae21d486fe58de720329307ea21b
8a3343c417818542610c8c7ca20808de3f2cc1c71c960b1900ca186f11a15c32
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
8f74153424f9e04eb89902bf48adaf8c5567e8d620d05690ad9446074d00a061
8fb8fb56bfa0d76b014e7664f61e68736423ec485951b24b26b206976747931d
9186483d7071bcb65b228ec02e65e8fb1cf8dfb9c0996ef65800eff7f6bf81cd
92d88b9e16931b83b2136b27fff224cb9a3c3f96b344b050b48c9c3fa66506db
9376df9b8822a7f057796704e3cb466577faa32f94b2460a2429944cc16c9489
93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2
93a5a0cfdea362c1ee1b739db312349ee8b67754522f104c087eea9d21bbc6c2
96bdbfc5920f60b62c1887eb76735c3780b77303ae572773a958e0d3cc2c7d26
98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a39f397a578fab590d3c22622caee469a713bfd40fae24504ca280157fe53f3
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
a263e64fb1370d7a19b464f9ad77240556592100b880e7f3a38ae11c355e7a9d
a65d5029de63edbd0e5fae2126da85af8557be5af9082adb5e8f1cd3c081f120
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
a7a9292edd72228ac6b7839b6e29a832ab45515a5c78d548ccd5fd8a2b1942ff
a88640fc41e00e4363eaa7f824143cadb419e2437cdac21ca9573fa9afde1dc4
a968f7560a3f021198c233b384d7a88f43caacfa0154f88e02116aa74fb65e6d
ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b212b5d5a1ff05906a7bbe45ec1192cb7f8cb096da65573b94eb19e3d853bccd
b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
b5a6b9ef1e72397833a39c570bf78b7f816c6c8be57821030c80a8affca34530
b642ae49afd5e7b14eb37308a40c215db4817efaca73324f93b811d7fda2dcaa
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e
ba3035c1cbfbd4ebb878f85acde3d846c6e9e90081de78ddcaf3126b4e8823b0
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bc64c57cd08b462324bf3d3d82928df144534c7d0c8398440a473d1002f51faf
c3efbf6f165c36ae7ca340e39ef4d6f99ddb6762abad052d5e02de82cc131376
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c52ffb59a6bf4ac549ed6da4dbe39a7661ff82147942ff109c2e72ae676b787c
ca19d84b96dbe58c125291ceda4b9cfe9c884a1764677ce42a6da3d1cbba3a5a
ca38f2df2a3be653605830a05931aeac85fbd1c3fa2e483a334fdc25e3463503
ce608692ed38d31a2474338d1e081173c854c375ad49814f24556b5614a45aa6
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4
d04196ec92f307c66ad56e3adbd4536e6c504a251299183c2c016de66a65af39
d30ca73e6f0622753bfcbdec7af17d7ae055d455f8278e3e50b5c38142706734
d5a421dbd597a94360622aa975ff3c27809a08e5ddaada7832a692c3b51c5eeb
d674a115404e8d29a650437584421bd9d7ec57c4d43fe3e0a09adc080d521c44
d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0a5df872acd477e9dc58fcae321903aacc4a9ae494ffd50a564d66b97d9f5e4
e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5149bac0cdad7bbd9d1b7badb88909929d324ee90b6dd1628e0c59024d68e7c
e523f47c65c171a685ca8f1bb0c0c432f4d71104fa56e8f6163126ec908cc430
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e5e1c9d4a9fbbd3e00b14d12243ab0c847270232c41af029674e59f5840b401e
e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae
eb6ce397310855bbef74043afcdda989653ad7b7b385191e8c8d622eee74b367
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6b081116c1c51ef1eddcbde1f8c64b14e1ad07acdac9920e852ae97e321751
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f4d1dc5e2bebcc6c035e733b5586f308c032e377d490d733835fbc1fb0e5d979
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe2d7250cc0730dc655721c5fa4bf5236dcabdf57f8593e8fe2096a42c0c8baf
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.huntress.com Open in urlscan Pro 2606:2c40::c73c:67e4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

208 Requests

98 %HTTPS

60 %IPv6

46 Domains

76 Subdomains

63 IPs

3 Countries

3685 kBTransfer

9756 kBSize

64 Cookies

25 Outgoing links

Redirected requests

208 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.huntress.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Screenshot
Live screenshot

Full Image

208
Requests

98 %
HTTPS

60 %
IPv6

46
Domains

76
Subdomains

63
IPs

3
Countries

3685 kB
Transfer

9756 kB
Size

64
Cookies

208 HTTP transactions
1 data transactions