www.ekransystem.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1n...
Submission: On July 20 via api (July 20th 2022, 11:50:21 am UTC) from US — Scanned from NL

Summary HTTP 67 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 30 IPs in 4 countries across 25 domains to perform 67 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.ekransystem.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 6th 2022. Valid for: a year.

This is the only time www.ekransystem.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400e:80e::200a	15169 (GOOGLE) (GOOGLE)
2	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225e:1200:1f:f723:6fc0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
3	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
3	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.122.75 18.66.122.75	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:27::... 2620:1ec:27::cafe:1799	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:44b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:21ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:82ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.184.204.244 52.184.204.244	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
67	30

14 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.ekransystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:1200:1f:f723:6fc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-75.fra60.r.cloudfront.net

tr.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:27::cafe:1799 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:44b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:21ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:82ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.184.204.244 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

n.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:59:254c:406:2366:268c (United States) 1 redirects

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	ekransystem.com www.ekransystem.com	399 KB
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 542 n.clarity.ms — Cisco Umbrella Rank: 5392 c.clarity.ms — Cisco Umbrella Rank: 1008	26 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 371 www.linkedin.com — Cisco Umbrella Rank: 472 px4.ads.linkedin.com — Cisco Umbrella Rank: 5526	4 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	418 B
4	twitter.com 1 redirects analytics.twitter.com — Cisco Umbrella Rank: 487 platform.twitter.com — Cisco Umbrella Rank: 668	1 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 344 c.bing.com — Cisco Umbrella Rank: 192	13 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4298	1 KB
3	t.co t.co — Cisco Umbrella Rank: 435	626 B
3	google.nl www.google.nl — Cisco Umbrella Rank: 8803	675 B
3	google.com www.google.com — Cisco Umbrella Rank: 10	675 B
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	194 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 56 stats.g.doubleclick.net — Cisco Umbrella Rank: 117	3 KB
2	hubspot.com forms.hubspot.com — Cisco Umbrella Rank: 3020 track.hubspot.com — Cisco Umbrella Rank: 2085	2 KB
2	lfeeder.com sc.lfeeder.com — Cisco Umbrella Rank: 13534 tr.lfeeder.com — Cisco Umbrella Rank: 12591	11 KB
2	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 610	30 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 125	32 KB
1	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4774	25 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 1995	16 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 1991	20 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2251	958 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 738	3 KB
1	gstatic.com fonts.gstatic.com	44 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 93	78 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 72	1 KB
67	25

	Domain	Requested by
14	www.ekransystem.com	www.ekransystem.com
4	www.facebook.com	www.ekransystem.com
3	forms.hsforms.com	www.ekransystem.com js.hscollectedforms.net
3	px.ads.linkedin.com	3 redirects
3	analytics.twitter.com	www.ekransystem.com
3	t.co	www.ekransystem.com
3	www.google.nl	www.ekransystem.com
3	www.google.com	www.ekransystem.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.ekransystem.com
3	connect.facebook.net	www.ekransystem.com connect.facebook.net
2	c.clarity.ms	1 redirects
2	n.clarity.ms	www.clarity.ms
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	px4.ads.linkedin.com	www.ekransystem.com
2	static.ads-twitter.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	www.googleadservices.com	www.ekransystem.com www.googletagmanager.com
1	platform.twitter.com	1 redirects
1	track.hubspot.com
1	c.bing.com	1 redirects
1	forms.hubspot.com	js.hscollectedforms.net
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	tr.lfeeder.com	www.ekransystem.com
1	www.linkedin.com	1 redirects
1	sc.lfeeder.com	www.ekransystem.com
1	js.hs-scripts.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagmanager.com	www.ekransystem.com
1	fonts.googleapis.com	www.ekransystem.com
67	34

This site contains links to these domains. Also see Links.

Domain
documentation.ekransystem.com
partner.ekransystem.com
www.linkedin.com
www.facebook.com
twitter.com
www.youtube.com
www.apriorit.com
download.ekransystem.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-28` - `2022-07-27`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-06-10` - `2022-12-10`	6 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.lfeeder.com Amazon	`2022-07-09` - `2023-08-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
*.google.nl GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-12-13` - `2022-12-12`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-31` - `2022-10-30`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-06-27` - `2022-09-19`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
Frame ID: 51D57A606321CC0F0D33D0332DD6831A
Requests: 65 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 883D0D2943329B51C4B83D078AC80D7C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 29601028B239D95EFF0F7E677E55C4D0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404 – Oops, something is lost! | Ekran System

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

67
Requests

94 %
HTTPS

75 %
IPv6

25
Domains

34
Subdomains

30
IPs

4
Countries

922 kB
Transfer

2631 kB
Size

33
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://documentation.ekransystem.com/view#technical-documentation
Title: Technical Documentation

Search URL Search Domain Scan URL

URL: https://partner.ekransystem.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://documentation.ekransystem.com/view/ekran-system-support-maintenance-policy
Title: Support Policy

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/ekran-system

Search URL Search Domain Scan URL

URL: https://www.facebook.com/EkranSys

Search URL Search Domain Scan URL

URL: https://twitter.com/ekransysteminc

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCJ2APPQWttnhLyJPYHCRTRQ

Search URL Search Domain Scan URL

URL: https://www.apriorit.com/competences/web-app-development
Title: Web solution developed by Apriorit

Search URL Search Domain Scan URL

URL: https://download.ekransystem.com/EkranSystem-en.zip

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D458844%26time%3D1658317815260%26url%3Dhttps%253A%252F%252Fwww.ekransystem.com%252Fen%252Fblog%252Freal-life-examples-insider-threat-caused-breaches%255Bhttps%253A%252F%252Ft.e2ma.net%252Fclick%252F3185dd%252F39qh1nj%252Fbksvfg%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&liSync=true&e_ipv6=AQIFH7cQ1hYvVQAAAYIbccBsQrU2qVlgaEb-p4wsbd5gexjS3V06SekSDWVEwnuA2btAnA

Request Chain 59

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=DE74693B5D154C50A54FADB90AF256DE&RedC=c.clarity.ms&MXFR=28515328C3D66AE50D6442CFC7D664A5 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=DE74693B5D154C50A54FADB90AF256DE&MUID=0BB14FCB2F5D607D0F015E2C2E6C6163

Request Chain 61

https://platform.twitter.com/oct.js HTTP 301
https://static.ads-twitter.com/oct.js

Request Chain 62

https://px.ads.linkedin.com/collect/?pid=458844&conversionId=4376778&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=458844&conversionId=4376778&fmt=gif&e_ipv6=AQJRdKv4f84_GgAAAYIbccLu8n0NpTAzADmmqNKpKmj7jMg0WJ98xa_pd5JRBPRceYBYGw

67 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request bksvfg Show response
www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/ 48 KB
12 KB 942ms
861ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4d9e0751276161ff1360ea3af7baa5fb6828dc375e927b9f03dd90a4989dcf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=60
cf-cache-status: DYNAMIC
cf-ray: 72db7a60fe2ab7fb-AMS
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Wed, 20 Jul 2022 11:50:14 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Sun, 19 Nov 1978 05:00:00 GMT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
last-modified: Wed, 20 Jul 2022 11:50:14 GMT
link: <https://www.ekransystem.com/en>; rel="canonical"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RDBE%2BljKYNONwrFu5%2FjN25ccbEfAlV%2BqhbsqVmAAOuP76F4kMi%2Bs78aobiM9Rg51vcbXT1uaWpN0VF%2BJddil8cD%2B85Doxks%2FBT0HQC5ObYYPiShyS9onCfgIfKEpPq6NeSuWD%2BHA0pTH5b8ddRWKrOcb"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding Cookie,Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-drupal-cache: MISS
x-frame-options: SAMEORIGIN
x-httpd: 1
x-proxy-cache: MISS
x-proxy-cache-info: 0 NC:000000 UP:

GET
H2 200 css__RFmqmnsOSWTrD6YIkospxJLz56HEuOItkUfVlcOeMCk__uGL9nKAE9DJiV6fgjMnFBn1zsDGy8qBechVN4OiTu2o__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css
www.ekransystem.com/sites/default/files/advagg_css/ 32 KB
8 KB 72ms
71ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ekransystem.com/sites/default/files/advagg_css/css__RFmqmnsOSWTrD6YIkospxJLz56HEuOItkUfVlcOeMCk__uGL9nKAE9DJiV6fgjMnFBn1zsDGy8qBechVN4OiTu2o__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c72bce44e6647c0e558aa2a1c4333be825215893b23df574b06438b53d8381a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 764667
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Jul 2020 12:40:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTO5BCC7IlgDCHwHev9pZgGTjtrqbYL%2F2%2Fw6g88P1F76nPGxBmGkWmDdnKVaho%2F609fNhvB%2BwlFhGDGb%2FoU99eEc2fITQEulDGFfDOeSxg1sAiVlqoOiXd0aSRSutuZ2KMrUty6MVsNzN6%2F1XjheNXci"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-httpd: 1
cache-control: public, max-age=31449600, no-transform, immutable
cf-ray: 72db7a66793ab7fb-AMS
x-proxy-cache: HIT
expires: Mon, 10 Jul 2023 15:25:05 GMT

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 85ms
30ms Stylesheet
text/css 2a00:1450:400e:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,300,700,600&subset=latin-ext,cyrillic

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bb5677bcd61703e98d4e275bee546ffa99a970f913b699a727398802da8d4c3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 11:50:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 20 Jul 2022 11:50:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 20 Jul 2022 11:50:14 GMT

GET
H2 200 css__vp96rci-Xhb_xomX8kCQsM-0kuiqj6OVo_CD2bW52ig__vwN0KBl_hRKs5M3kWEtsxkxVbU1si8MAbAznmTO6Cm0__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css
www.ekransystem.com/sites/default/files/advagg_css/ 346 KB
66 KB 46ms
46ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ekransystem.com/sites/default/files/advagg_css/css__vp96rci-Xhb_xomX8kCQsM-0kuiqj6OVo_CD2bW52ig__vwN0KBl_hRKs5M3kWEtsxkxVbU1si8MAbAznmTO6Cm0__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

333035ddbc85a2ac50943b10a9531d5405f37b2fd490ccd310062db9857fcdd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 764667
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 14 Jun 2022 12:16:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCL3a4mcxCLRXyfSXqIKkzfaiqmRCiw5uE094iDFUFtHuj29Vzi8SmV27bBLcSN1GOBzwONb84TN3oh9sEgFRL9vuEYDklZD8dSBXgVHj6xy%2BDnLb5pcH0%2BXJA%2F%2Bh2PqByyhOk12kfaQzvV5XyRuzvlQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-httpd: 1
cache-control: public, max-age=31449600, no-transform, immutable
cf-ray: 72db7a66793cb7fb-AMS
x-proxy-cache: HIT
expires: Mon, 10 Jul 2023 15:25:05 GMT

GET
H3 200 logo.png
www.ekransystem.com/sites/all/themes/ekransystem/ 951 B
2 KB 46ms
45ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/logo.png

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85350dee6ba59771f929818b768257e50234b6c34d3f05e0a92e91fbc4b19117

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9092
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 951
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "3b7-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PreoY4pXP7ER8GcE1ccGI3ez3UVkMCj6paRoVB9SA%2Ft6q7I7eVsE%2BPDKFgzPhcDn1nNuzASo1%2BKDhVGX1JnQuUqSSUzipnJ0omDIVjBf7gd67h7j7GlrzgDleTAQQrwo6Uccr2Jykksd3XA9uppXvJM9"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-httpd: 1
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 72db7a670871b713-AMS
x-proxy-cache: MISS
expires: Sat, 23 Jul 2022 00:02:30 GMT

GET
H3 200 linew.png
www.ekransystem.com/sites/all/themes/ekransystem/img/ 513 B
1 KB 47ms
46ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/linew.png

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87e625a5f598b056032263d17b408579c6ed75d9f7a47497d0df1c8788514631

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 445070
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 513
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "201-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DwBicQVk5122%2BqmvmbqBvsvUNGln6Io%2FHqPLULqp9GEZrrM%2B20NIlQ1V%2BnH%2Bg870%2FfxBlybSKiqKLickBEkpv0nDQBWFqsj9M%2FmgdrAqW05pwsKjypWC3GjmvFgH7aafjn0CkHWopTMdIyqI4Ta%2Bfb%2FI"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-httpd: 1
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 72db7a670873b713-AMS
x-proxy-cache: HIT
expires: Wed, 27 Jul 2022 03:28:08 GMT

GET
H3 200 fbnew.png
www.ekransystem.com/sites/all/themes/ekransystem/img/ 474 B
1 KB 152ms
151ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/fbnew.png

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6c9576a1174f5aad4796a44f557bc47c1c8c9d8baa9e255e045ecf74d14d2bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9086
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 474
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "1da-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CHtnohASJy82553DXYG5DGA4umsu41lxPhIhDC%2BnhKX0NJNqJW4X9G%2FmiqxoLCpD3fAmOO2GGDXpcBTDt7sDZbepMv5a2TavjEiDzuqIdf4ALlLthd%2FozIrIWpYNzjf4Huil76tHFyIk2PZSfRHXPXUn"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-httpd: 1
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 72db7a670876b713-AMS
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 12:14:14 GMT

GET
H3 200 twnew.png
www.ekransystem.com/sites/all/themes/ekransystem/img/ 538 B
1 KB 47ms
46ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/twnew.png

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

243c96f4fc86cf0eb8699a4c10d8ac3c7bfbd31591b0a68c138f4007319dcaeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9086
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 538
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "21a-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fnm5kKgn5OMxZEs5UAeZJffaO9%2Fr15qKhnZCbCIeNcikDGU%2BM54mrkZV8WEwdo%2FyvTXgk3v6eMN4WxJvHpRofaUVc76WyvCyIPMmRAe7BvNcYTaxUhEA501b%2Bmx7KaWi9Fjexn%2B%2FmNGmzQ3RZS9mE9k%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-httpd: 1
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 72db7a670877b713-AMS
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 03:28:08 GMT

GET
H3 304 youtubenew.png
www.ekransystem.com/sites/all/themes/ekransystem/img/ 0
649 B 153ms
152ms Image 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/youtubenew.png

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 648992
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "2c9-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1LT8XAYpyqENjgCAmRQbQAWxWtO19XDSfnQfj7WyxkLaVNp4URH9qKCBID8nlGkOXGWZ3INj8MqR9HJJJMNquDqOUq7Ki%2Fntdp5B3JZmp4DCMt%2B3QeT5PyUAvaI%2B%2FFi3Gj2oDjn3X%2F7GxOXI3A3c3VNK"}],"group":"cf-nel","max_age":604800}
x-httpd: 1
cache-control: max-age=1209600
cf-ray: 72db7a670879b713-AMS
x-proxy-cache: HIT
expires: Sun, 24 Jul 2022 15:25:49 GMT

GET
H3 200 js__6a6tgxxkYL26qBBgzn_A3Q--7qJ7x-5nKff75-GRm4M__DZh1sy-CXdxA2RJPp7k2JBYVa95SE3tHGRnjOew-yF4__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.js Show response
www.ekransystem.com/sites/default/files/advagg_js/ 189 KB
68 KB 107ms
107ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ekransystem.com/sites/default/files/advagg_js/js__6a6tgxxkYL26qBBgzn_A3Q--7qJ7x-5nKff75-GRm4M__DZh1sy-CXdxA2RJPp7k2JBYVa95SE3tHGRnjOew-yF4__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.js

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c50007cdfc84b41ab831ebc6febfc325c15605e768770083c193f0eac9801307

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3642657
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 10 Jan 2022 12:22:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4%2Fz5LJAcE87lurDdi9Em2giCSq8YAtSqj4G4WTnamvha%2B5y2SVb1UQq%2BPiRJZbEjJQijEW0Qr9xJ0vCZncd4wvSmB3m38xn%2BWrJPM9CgkKbjYebvCo27U7xMlgm0Ni3ioHZGEnMQ4rIohPZzqHlF%2B6D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-httpd: 1
cache-control: public, max-age=31449600, no-transform, immutable
cf-ray: 72db7a66f84bb713-AMS
x-proxy-cache: MISS
expires: Wed, 07 Jun 2023 07:59:17 GMT

GET
H3 200 js__2QOsYmtwdr01z6vTCJHCdgUOiPURGKbLzngZyGN6z8Y__JM0LloFNEsA2be1jQfuoPm1FUH3-pgYmtI917g38IXM__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.js Show response
www.ekransystem.com/sites/default/files/advagg_js/ 343 KB
105 KB 50ms
50ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ekransystem.com/sites/default/files/advagg_js/js__2QOsYmtwdr01z6vTCJHCdgUOiPURGKbLzngZyGN6z8Y__JM0LloFNEsA2be1jQfuoPm1FUH3-pgYmtI917g38IXM__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.js

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20171a2a7b7bfad928d596486d2cb6f08216455098270d69bc784d5993a7c654

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3644669
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 01 Oct 2021 08:24:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eubnIaBGtfO02iBsTIioiaSSQj8FhKmNCxZlrOUvZCGeZA0lt5N4EtCNQDsDNPBdCuQPLKo6FGarsTllE6IHcvHyX6ncnuLO8k3LgjhR9rIy%2FHd%2F3VcstmnS%2FdTt2mFJP%2BqYloQlXSVPw25aw2W21OTu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-httpd: 1
cache-control: public, max-age=31449600, no-transform, immutable
cf-ray: 72db7a66f869b713-AMS
x-proxy-cache: MISS
expires: Wed, 07 Jun 2023 07:25:44 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 132ms
47ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

169654a2040e9f83c46d4cd65600c3dc9db6db042904c22cc97645fb4323c362

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17001
x-xss-protection: 0
server: cafe
etag: 6464440653375776403
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 20 Jul 2022 11:50:14 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 230 KB
78 KB 130ms
59ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NGT2V66

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ddd4949c87bb5202b6c262aeff50607e83e5980204c692443fbdbc7e7b04a67d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79338
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 20 Jul 2022 11:50:14 GMT

GET
H3 200 globe_icon.svg
www.ekransystem.com/sites/all/themes/ekransystem/img/ 3 KB
2 KB 150ms
150ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/globe_icon.svg

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/sites/default/files/advagg_css/css__vp96rci-Xhb_xomX8kCQsM-0kuiqj6OVo_CD2bW52ig__vwN0KBl_hRKs5M3kWEtsxkxVbU1si8MAbAznmTO6Cm0__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

221b0e0a9ac78cd8a1baab5e554ff01ee96bd66afad3450677ac8c7aa78f1d0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/sites/default/files/advagg_css/css__vp96rci-Xhb_xomX8kCQsM-0kuiqj6OVo_CD2bW52ig__vwN0KBl_hRKs5M3kWEtsxkxVbU1si8MAbAznmTO6Cm0__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 454665
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: W/"c34-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0FGzkFFQZaOuqxBeMnQny0SxcsX2BAvrj0vUZkqdQUleGQVAP1Cg752QX4D0KHuWmEA4JojnYbKK%2F%2FGZSsCCiFGwN03aSveBDAtywF%2Bpx6IvCDnttSH7tqmGi7ymJt%2FaxBPUdWJERMMkU3iOJu7Elfqt"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
x-httpd: 1
cache-control: max-age=1209600
cf-ray: 72db7a67087fb713-AMS
x-proxy-cache: HIT
expires: Wed, 27 Jul 2022 11:14:29 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ 44 KB
44 KB 102ms
30ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,700,600&subset=latin-ext,cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ekransystem.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 23:10:25 GMT
x-content-type-options: nosniff
age: 131989
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Jul 2023 23:10:25 GMT

GET
H3 200 bg-try-it-now.jpg
www.ekransystem.com/sites/all/themes/ekransystem/img/ 107 KB
107 KB 137ms
136ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/bg-try-it-now.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

595434f0b2f741aeab1e88db6fdda74c5a906fce4b886dd014dcc0924c4eb0d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/sites/default/files/advagg_css/css__vp96rci-Xhb_xomX8kCQsM-0kuiqj6OVo_CD2bW52ig__vwN0KBl_hRKs5M3kWEtsxkxVbU1si8MAbAznmTO6Cm0__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9086
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 109338
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "1ab1a-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5uuBVyApE8mEhiDc7M5xI%2B8GHZL6lHBWy8kEPpKFIAMb8ixGt6rrUeqCHcscOKh4P1%2FX7tw%2B6%2F%2BE6k82j%2BdBJOESNtvyx9S%2FJsgfsKbnoYGl%2FssQ9YxxwAEyg92FBiGiOQ%2FR2tda7Ea2hsyTy4JBZpvs"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-httpd: 1
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 72db7a6718a0b713-AMS
x-proxy-cache: MISS
expires: Wed, 27 Jul 2022 12:22:03 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/859699533/ 2 KB
2 KB 118ms
46ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/859699533/?random=1658317815037&cv=9&fst=1658317815037&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tiba=404%20%E2%80%93%20Oops%2C%20something%20is%20lost!%20%7C%20Ekran%20System&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff8efff21698ed3cb641b684e095d3402072507a3d92e8103a2175630ab72c5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1112
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 98ms
33ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6e164ad4aa1f1905c44c2e4e57088f313738d18320a99a7e6a984b862523d96d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26001
x-xss-protection: 0
pragma: public
x-fb-debug: 7HCgoqyKjL5Ln2hNGQ0Uoh/VVNTZ/1OgZLJhrherXm2h0PJtL1ykjULLqXSXyQYDDFkz36WXjz1iPNx9Z1knyw==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Wed, 20 Jul 2022 11:50:15 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 bg-cookies.jpg
www.ekransystem.com/sites/all/themes/ekransystem/img/ 21 KB
22 KB 42ms
42ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/bg-cookies.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59f34b34f48829a43f347e7685fa1bc2328c14640ec6df1dfde8d4c5b615efd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/sites/default/files/advagg_css/css__vp96rci-Xhb_xomX8kCQsM-0kuiqj6OVo_CD2bW52ig__vwN0KBl_hRKs5M3kWEtsxkxVbU1si8MAbAznmTO6Cm0__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 764665
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21884
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "557c-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8k9h0yT4SOlVeen655xeM9RPRVN24nRHwbBw%2FCrWnnk2YOr83usxoSs0lgB5OHuudUsK46MExlQOxrVZcIntB4vxV%2FB6ZhTLNPE8CgBjuuyRIN3nMhdHVAAKmwpaHN8Q8NxJ0vIbMlv%2BR9oDzYMeaIF"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-httpd: 1
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 72db7a683a0bb713-AMS
x-proxy-cache: MISS
expires: Mon, 25 Jul 2022 15:25:50 GMT

GET
H3 200 cookie.png
www.ekransystem.com/sites/all/themes/ekransystem/img/ 2 KB
3 KB 41ms
41ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ekransystem.com/sites/all/themes/ekransystem/img/cookie.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d420eee29f5fba4010c5e38e0a2820fe099c592ea07a53aa425a8ae862a69a3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/sites/default/files/advagg_css/css__vp96rci-Xhb_xomX8kCQsM-0kuiqj6OVo_CD2bW52ig__vwN0KBl_hRKs5M3kWEtsxkxVbU1si8MAbAznmTO6Cm0__jtDaGCi8gz08nyBwClXKSKfKpJj0EbY1GritnswvTg8.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 764666
x-proxy-cache-info: 0 NC:000000 UP:
host-header: 6b7412fb82ca5edfd0917e3957f05d89
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2116
last-modified: Mon, 06 Jun 2022 09:12:05 GMT
server: cloudflare
etag: "844-5e0c3dd9f4340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRco7rNY8XrX4u7blDpw5xMqmyjnkFNa1TAqEBUAvx5qdcwDmF4VEoNkbgJ1oMso5yTRWNB2RE%2BKkxxrlArCpHaJomQsnbWHSB9D2QLmxiQy7q9NFWsc74aT1sUPVSR6l7OshtrQV55JXics0SK%2BwiC%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-httpd: 1
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 72db7a683a0eb713-AMS
x-proxy-cache: MISS
expires: Mon, 25 Jul 2022 15:25:49 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 107ms
34ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NGT2V66

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 2895
date: Wed, 20 Jul 2022 11:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 20 Jul 2022 13:02:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 40 KB
15 KB 115ms
51ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NGT2V66

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15160
x-xss-protection: 0
server: cafe
etag: 9823212955285023900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 20 Jul 2022 11:50:15 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 129ms
31ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NGT2V66
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Wed, 20 Jul 2022 11:50:15 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=16722
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 124ms
57ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NGT2V66

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0fcff9391b8f4560e9bc64c28dcd9101f66de7b93676ea8cc254980567f663db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 18:22:08 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0D09EDE9EE484DAB82B76430B806DE6C Ref B: AMS04EDGE3520 Ref C: 2022-07-20T11:50:15Z
etag: "0c8eafcad81d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Wed, 20 Jul 2022 11:50:15 GMT
accept-ranges: bytes
content-length: 11360

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 106ms
31ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NGT2V66
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: gzip
last-modified: Tue, 19 Jul 2022 17:28:46 GMT
etag: "ca88912498e17137955859948f14e272+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15196
x-served-by: cache-iad-kiad7000093-IAD, cache-hhn11544-HHN

GET
H2 200 612026.js Show response
js.hs-scripts.com/ 1 KB
958 B 469ms
415ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/612026.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NGT2V66
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60ac8e50fbfe078a022ef4fe835719970b87b6b83d28d05174843b21a59ce674

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 0693dbb7-c9e1-4052-8494-040a03497a82
last-modified: Wed, 20 Jul 2022 11:33:42 GMT
server: cloudflare
x-trace: 2BC4610F5E56E12A381769EC3496731CBD153CAFAC000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.ekransystem.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 72db7a68eda8b94a-AMS
expires: Wed, 20 Jul 2022 11:51:15 GMT

GET
H2 200 lftracker_v1_kn9Eq4RKGpYaRlvP.js Show response
sc.lfeeder.com/ 29 KB
11 KB 101ms
34ms Script
application/javascript 2600:9000:225e:1200:1f:f723:6fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_kn9Eq4RKGpYaRlvP.js
Requested by: Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1200:1f:f723:6fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 797cc557a4293ab04b3a9d59ee6ef56134578f62c59511402c84bd23d50767b4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-version-id: P4wHF1LKt7ngof4lxOyt5iQE07PT6Ugm
content-encoding: gzip
last-modified: Mon, 27 Jun 2022 07:33:33 GMT
server: AmazonS3
age: 3246
etag: W/"5442add6294789e8be0a59fc25b018c9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront)
cache-control: max-age=3600
date: Wed, 20 Jul 2022 10:57:25 GMT
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: FELF-phy9pcJ7_EibWAO6devR3DYzrhtkYh3l762_9uh9BiyngB9OA==

GET
H3 200 402268610223163 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 204ms
168ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/402268610223163?v=2.9.65&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b304c32dc60b0877b4ee178787120017782e75b733e19ede19df0129654d73f3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coop_report","include_subdomains":true}
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 8JPNmR03pD8zEgAbvVynkOyZhfrismik5SQgBb/vucGRL4Is3C/Pot3HKhi8/OEalDBkWvQdcV9IJf1296AktA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 20 Jul 2022 11:50:15 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1658317815356
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/859699533/ 42 B
548 B 116ms
45ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/859699533/?random=1658317815037&cv=9&fst=1658314800000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tiba=404%20%E2%80%93%20Oops%2C%20something%20is%20lost!%20%7C%20Ekran%20System&fmt=3&is_vtc=1&random=528532676&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.nl/pagead/1p-user-list/859699533/ 42 B
548 B 120ms
44ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/pagead/1p-user-list/859699533/?random=1658317815037&cv=9&fst=1658314800000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tiba=404%20%E2%80%93%20Oops%2C%20something%20is%20lost!%20%7C%20Ekran%20System&fmt=3&is_vtc=1&random=528532676&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 101ms
38ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=329601880&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&ul=en-us&de=UTF-8&dt=404%20%E2%80%93%20Oops%2C%20something%20is%20lost!%20%7C%20Ekran%20System&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1899111172&gjid=1401935970&cid=1604840232.1658317815&tid=UA-24043858-1&_gid=1615049414.1658317815&_r=1&gtm=2wg7i0NGT2V66&z=861850318

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ekransystem.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ekransystem.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
188 B 197ms
127ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=9a76632c-c660-415a-9298-db467ebfc488&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=6d68b89c-280f-4a70-a260-bbe98df61b19&tw_document_href=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2azq&type=javascript&version=2.4.15

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 97
date: Wed, 20 Jul 2022 11:50:14 GMT
server: tsa_f
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: c97c5c95985d2b1be142825213c6a49691ce881c050d77c0dc8a4e32f16f7ac2
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
354 B 200ms
119ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=9a76632c-c660-415a-9298-db467ebfc488&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=6d68b89c-280f-4a70-a260-bbe98df61b19&tw_document_href=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2azq&type=javascript&version=2.4.15

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 89
date: Wed, 20 Jul 2022 11:50:14 GMT
server: tsa_f
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: f83ed08818d08536fd3d227fd9970e0d531d77326a47c2688a46029010a5c090
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
337 B 191ms
122ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=8e8a47d3-8aa0-42e8-af8f-31c47cd980cd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=6d68b89c-280f-4a70-a260-bbe98df61b19&tw_document_href=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2azq&type=javascript&version=2.4.15

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 92
date: Wed, 20 Jul 2022 11:50:14 GMT
server: tsa_f
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: c97c5c95985d2b1be142825213c6a49691ce881c050d77c0dc8a4e32f16f7ac2
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
199 B 206ms
125ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=8e8a47d3-8aa0-42e8-af8f-31c47cd980cd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=6d68b89c-280f-4a70-a260-bbe98df61b19&tw_document_href=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2azq&type=javascript&version=2.4.15

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 95
date: Wed, 20 Jul 2022 11:50:14 GMT
server: tsa_f
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: f83ed08818d08536fd3d227fd9970e0d531d77326a47c2688a46029010a5c090
content-length: 43

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/859699533/ 2 KB
1 KB 115ms
49ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/859699533/?random=1658317815256&cv=9&fst=1658317815256&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tiba=404%20%E2%80%93%20Oops%2C%20something%20is%20lost!%20%7C%20Ekran%20System&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21dcb758dab1eb82a503282eb5f702dfd571ba44af4018d4eda317d2d64a29e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1124
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft....
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D458844%26time%3D1658317815260%26url%3Dhttps%253A%252F%252Fwww.ekransystem.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft....
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft...

0
266 B

300ms
196ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&liSync=true&e_ipv6=AQIFH7cQ1hYvVQAAAYIbccBsQrU2qVlgaEb-p4wsbd5gexjS3V06SekSDWVEwnuA2btAnA
Requested by: Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: CE55803A5CEC42D49ABAC77465847971 Ref B: AMS04EDGE3612 Ref C: 2022-07-20T11:50:16Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXkOzRcD0WyNjhEHUIFhg==
x-li-fabric: prod-lor1

Redirect headers

date: Wed, 20 Jul 2022 11:50:15 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 50C449E36D7D44B49F8E0E584B94BE09 Ref B: AMSEDGE0917 Ref C: 2022-07-20T11:50:15Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=458844&time=1658317815260&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&liSync=true&e_ipv6=AQIFH7cQ1hYvVQAAAYIbccBsQrU2qVlgaEb-p4wsbd5gexjS3V06SekSDWVEwnuA2btAnA
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXkOzRWS4yJ6SJnb1dOrg==

GET
H2 200 25067615.js Show response
bat.bing.com/p/action/ 828 B
767 B 169ms
168ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25067615.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

44e2979ec577d9f4ffc9b383cc75095c343c3024e742fef886aa14a8a37ecc6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 08C7344C64724072A12A60B7F6DD7D7D Ref B: AMS04EDGE3520 Ref C: 2022-07-20T11:50:15Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
date: Wed, 20 Jul 2022 11:50:15 GMT
content-length: 572

GET
H2 204 0
bat.bing.com/action/ 0
176 B 45ms
45ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25067615&tm=gtm002&Ver=2&mid=a793917e-27e9-4b0d-a694-69a7acc8ac52&sid=1e8a8e60082211edba63731eb86aee4c&vid=1e8ab5b0082211ed9874c7656b0856c9&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=404%20%E2%80%93%20Oops,%20something%20is%20lost!%20%7C%20Ekran%20System&p=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&r=&lt=1259&evt=pageLoad&msclkid=N&sv=1&rn=761748

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 68E9FB636F824EE2942CA2EF42AB0717 Ref B: AMS04EDGE3520 Ref C: 2022-07-20T11:50:15Z
date: Wed, 20 Jul 2022 11:50:15 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
tr.lfeeder.com/ 43 B
293 B 179ms
107ms Image
image/gif 18.66.122.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.lfeeder.com/?sid=kn9Eq4RKGpYaRlvP&data=eyJnYVRyYWNraW5nSWRzIjpbIlVBLTI0MDQzODU4LTEiXSwiZ2FNZWFzdXJlbWVudElkcyI6W10sImdhQ2xpZW50SWRzIjpbIjE2MDQ4NDAyMzIuMTY1ODMxNzgxNSJdLCJjb250ZXh0Ijp7ImxpYnJhcnkiOnsibmFtZSI6ImxmdHJhY2tlciIsInZlcnNpb24iOiIyLjUwLjEifSwicGFnZVVybCI6Imh0dHBzOi8vd3d3LmVrcmFuc3lzdGVtLmNvbS9lbi9ibG9nL3JlYWwtbGlmZS1leGFtcGxlcy1pbnNpZGVyLXRocmVhdC1jYXVzZWQtYnJlYWNoZXNbaHR0cHM6Ly90LmUybWEubmV0L2NsaWNrLzMxODVkZC8zOXFoMW5qL2Jrc3ZmZyIsInBhZ2VUaXRsZSI6IjQwNCDigJMgT29wcywgc29tZXRoaW5nIGlzIGxvc3QhIHwgRWtyYW4gU3lzdGVtIiwicmVmZXJyZXIiOiIifSwiZXZlbnQiOiJ0cmFja2luZy1ldmVudCIsImNsaWVudEV2ZW50SWQiOiIzZTlmN2RjZmJlYzNhYzZmIiwic2NyaXB0SWQiOiJrbjlFcTRSS0dwWWFSbHZQIiwiY29va2llc0VuYWJsZWQiOnRydWUsImNvbnNlbnRMZXZlbCI6Im5vbmUiLCJhbm9ueW1pemVJcCI6ZmFsc2UsImxmQ2xpZW50SWQiOiJMRjEuMS4wYjAxYmE2MzYwMjcxM2ZkLjE2NTgzMTc4MTUzMzAiLCJmb3JlaWduQ29va2llcyI6W10sInByb3BlcnRpZXMiOnt9LCJhdXRvVHJhY2tpbmdFbmFibGVkIjp0cnVlLCJhdXRvVHJhY2tpbmdNb2RlIjoib25fc2NyaXB0X2xvYWQifQ==
Requested by: Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-75.fra60.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
via: 1.1 2f72de1f504b6784c7adb04e7fe314f2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA60-P2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: jckLYu9QFhLT1zhKAgB2lUuwo4OjyNlwT2v7dPUAR7A5x_1VY9OG5A==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
445 B 96ms
32ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-24043858-1&cid=1604840232.1658317815&jid=1899111172&gjid=1401935970&_gid=1615049414.1658317815&_u=YEBAAEAAAAAAAC~&z=1243695569

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ekransystem.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 20 Jul 2022 11:50:15 GMT
content-type: text/plain
access-control-allow-origin: https://www.ekransystem.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/859699533/ 42 B
64 B 113ms
45ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/859699533/?random=1658317815256&cv=9&fst=1658314800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&frm=0&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tiba=404%20%E2%80%93%20Oops%2C%20something%20is%20lost!%20%7C%20Ekran%20System&async=1&fmt=3&is_vtc=1&random=957725066&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.nl/pagead/1p-user-list/859699533/ 42 B
64 B 111ms
46ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/pagead/1p-user-list/859699533/?random=1658317815256&cv=9&fst=1658314800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&frm=0&url=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tiba=404%20%E2%80%93%20Oops%2C%20something%20is%20lost!%20%7C%20Ekran%20System&async=1&fmt=3&is_vtc=1&random=957725066&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 25067615 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 223ms
121ms Script
application/x-javascript 2620:1ec:27::cafe:1799
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/25067615
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/25067615.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1799 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 808c95d7dd523ce5c328d6111a358d210a7d25d61fc1024d549fbc1bcf806712

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:14 GMT
x-powered-by: ASP.NET
x-azure-ref: 09+vXYgAAAADdy12SEjJkSJMU1e8IDkN3TUFOMzBFREdFMDMxMwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 68ms
68ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-24043858-1&cid=1604840232.1658317815&jid=1899111172&_u=YEBAAEAAAAAAAC~&z=740889451

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.nl/ads/ 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-24043858-1&cid=1604840232.1658317815&jid=1899111172&_u=YEBAAEAAAAAAAC~&z=740889451

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 156193358568152 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 168ms
168ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/156193358568152?v=2.9.65&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

23734e52209fd0f65c4dd85d8b1368c1cf79c8b3e1071c3c001cbb14c9f3b78a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coop_report","include_subdomains":true}
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: V4KbqssxXl3yQPKPiXn9WTKM5M32s8srn+Q5ke4qkL0+dEoZOot7hBBXRM2O4Y16qAqe7SIjdbZy328JKNM1XQ==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 20 Jul 2022 11:50:15 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1658317815645
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 104ms
35ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=402268610223163&ev=PageView&dl=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&rl=&if=false&ts=1658317815489&sw=1600&sh=1200&v=2.9.65&r=stable&ec=0&o=30&fbp=fb.1.1658317815487.1609634507&it=1658317815163&coo=false&exp=u0&rqm=GET

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Wed, 20 Jul 2022 11:50:15 GMT

GET
H2 200 612026.js Show response
js.hs-analytics.net/analytics/1658317800000/ 62 KB
20 KB 224ms
162ms Script
text/javascript 2606:4700::6811:44b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1658317800000/612026.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/612026.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33a089450783bf5d007e2be542a23e3a0b1246ef986399bac808adb33949371a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 6F9M2J1JR9KSBC4X
x-amz-server-side-encryption: AES256
cf-ray: 72db7a6beab6b71f-AMS
x-amz-id-2: mfHuIuYQ5ztN9VbSi57jUKnM/rb4IvkPrJwbcyzoJuK4ACdsO/PDyAO8ncI4tUmXzlRIFDSYJBk=
last-modified: Tue, 14 Jun 2022 14:59:31 GMT
server: cloudflare
etag: W/"39263fb5a78650ee5e8ec62362a2f471"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Wed, 20 Jul 2022 11:55:15 GMT

GET
H2 200 612026.js Show response
js.hs-banner.com/ 59 KB
16 KB 475ms
411ms Script
text/javascript 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/612026.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/612026.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b9e209ee219b7fe43269cedbea351b36cb3efecfaf4441abcefea198db9b994

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:16 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 2Z7P41HHEN7KMN9Q
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: PmNbeMJFMy5wbAL0dlHj4Ql00PR2jAspGPKDW9inajEs9MEclOx3LuK734v6/8l2e8s5u1n1y5A=
timing-allow-origin: *
last-modified: Fri, 03 Jun 2022 14:03:43 GMT
server: cloudflare
etag: W/"e3d62d3581f0830d3d440abb229784b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: Py4KOWVBVaWCjI40OfneEO2Ypj5Szl38
access-control-allow-origin: https://www.ekransystem.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 72db7a6bfd71b72e-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Wed, 20 Jul 2022 11:55:16 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 72 KB
25 KB 92ms
36ms Script
application/javascript 2606:4700::6811:82ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/612026.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:82ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e0a88a680075dec852a87e3caa62bbb27bc77affb238de1778e1a8dca88e088

Request headers

Referer: https://www.ekransystem.com/
Origin: https://www.ekransystem.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
via: 1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 11000
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.285/bundles/project.js&cfRay=72da6dddae9ab873-IAD
x-cache: RefreshHit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 72db7a6bee05b8cc-AMS
last-modified: Mon, 18 Jul 2022 02:17:32 UTC
server: cloudflare
etag: W/"877e5f54a66a69786dec54038d0864c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-version-id: gdKWpz_yvObw8s97wY_QgOhrdmJzIElp
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: jlQJsYn429Bzc96VuPonUutwHdGQOnRrt0--gcO6SVERg5sQaf6IXw==
x-hs-target-asset: collected-forms-embed-js/static-1.285/bundles/project.js

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-f/s/0.6.36/ 52 KB
23 KB 121ms
120ms Script
application/javascript 2620:1ec:27::cafe:1799
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-f/s/0.6.36/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/25067615
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1799 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: e8aff6a8426e2182081c0e696ff05c3b10eeb43716fe56bbc9f8b3b3069c6736

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: br
etag: "1d897c159e34826"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 09+vXYgAAAADqnQ75NcGcTpAuwtdAzISITUFOMzBFREdFMDMxMwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 114 B
1 KB 228ms
173ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=612026&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a943e4b6b94341c5423fba09f224923d33cacf65ddbe2cef5e26b7a23907831

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.ekransystem.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6280ceee-f580-44b1-9abe-0da349f423a3
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N0HltbNy7jXlMFqbrxxn1Cj%2Fyt%2FAc%2BvP6BIfnjwWLXluZBjDbTEQtDdUyy7gpYZ1LBd2OOPDazWjt16ts9%2F1PbE6DygBU7HqmN680e2M5YbFIjcpgnEG7uQxrBu5K3reP%2FD%2BQclX%2BLIO7RcX4CxU"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.ekransystem.com
x-robots-tag: none
access-control-allow-credentials: false
cf-ray: 72db7a6cadb9b722-AMS
access-control-allow-headers: *

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 70ms
33ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=156193358568152&ev=PageView&dl=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&rl=&if=false&ts=1658317815718&sw=1600&sh=1200&v=2.9.65&r=stable&ec=0&o=30&fbp=fb.1.1658317815487.1609634507&it=1658317815163&coo=false&exp=u0&rqm=GET

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:15 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Wed, 20 Jul 2022 11:50:15 GMT

POST
H2 204 collect Show response
n.clarity.ms/ 0
178 B 571ms
339ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.6.36/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.ekransystem.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: https://www.ekransystem.com
date: Wed, 20 Jul 2022 11:50:15 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
516 B 221ms
158ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:16 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 4d33fd0b-e314-4284-b4fc-a4a7f0960574
cf-ray: 72db7a6e2905b8ba-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
server: cloudflare
x-trace: 2B1905A65472DC75607D53914EF623C80FC0FC7413000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
169 B 178ms
171ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:16 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: feea61dd-abf1-46bb-bd44-6b6b1de66b80
cf-ray: 72db7a6e290bb8ba-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
server: cloudflare
x-trace: 2B48A73024884C41054D0AA607F4F07786D10DD7BD000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 883D 0
15 B 34ms
34ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.ekransystem.com
Referer: https://www.ekransystem.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.ekransystem.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 11:50:16 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
472 B 210ms
175ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:16 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: d05f802e-4ff1-4e54-a3a3-1d79b360a131
cf-ray: 72db7a6fbfe2b731-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
server: cloudflare
x-trace: 2BC04134B5365AE2DBA453C966B380CDEC5B55FCAA000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 2960 0
15 B 33ms
33ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.ekransystem.com
URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.ekransystem.com
Referer: https://www.ekransystem.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.ekransystem.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 11:50:16 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=DE74693B5D154C50A54FADB90AF256DE&RedC=c.clarity.ms&MXFR=28515328C3D66AE50D6442CFC7D664A5
https://c.clarity.ms/c.gif?CtsSyncId=DE74693B5D154C50A54FADB90AF256DE&MUID=0BB14FCB2F5D607D0F015E2C2E6C6163

42 B
369 B

38ms
38ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=DE74693B5D154C50A54FADB90AF256DE&MUID=0BB14FCB2F5D607D0F015E2C2E6C6163
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:16 GMT
last-modified: Wed, 13 Jul 2022 17:48:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "96611cd5e096d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 20 Jul 2022 11:50:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AC5FCDA05F36457A9D0F7757B1BCF698 Ref B: AMS04EDGE3520 Ref C: 2022-07-20T11:50:16Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=DE74693B5D154C50A54FADB90AF256DE&MUID=0BB14FCB2F5D607D0F015E2C2E6C6163
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
964 B 232ms
158ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=219069474&v=1.1&a=612026&rcu=https%3A%2F%2Fwww.ekransystem.com%2Fen&pu=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&t=404+%E2%80%93+Oops%2C+something+is+lost!+%7C+Ekran+System&cts=1658317816444&vi=68d9eebe37a52aa14d1e896273c94e0c&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:16 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: e8b6025d-f5a6-4584-a567-26002437777f
cf-ray: 72db7a715c82b719-AMS
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCxj2iyMylvJLsH3aOdab3abvRe7LOtPtmT%2BNnI1TduVV4HN6r6uwrtVBtO6TWXQcGee0HuOtIJWb%2FNCF0T2zY%2Bw1dOqgLOTsKYjoM53rAq0Aemo%2BcMGIFiI982n%2B1oxMn2R%2FptcJRMD2VfFAcXr"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2

200

oct.js Show response
static.ads-twitter.com/
Redirect Chain

https://platform.twitter.com/oct.js
https://static.ads-twitter.com/oct.js

56 KB
15 KB

31ms
31ms

Script
application/javascript

199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/oct.js
Protocol: H2
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:16 GMT
content-encoding: gzip
last-modified: Tue, 19 Jul 2022 17:28:46 GMT
etag: "ca88912498e17137955859948f14e272+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15196
x-served-by: cache-iad-kcgs7200110-IAD, cache-hhn11544-HHN

Redirect headers

x-tw-cdn: VZ
Date: Wed, 20 Jul 2022 11:50:16 GMT
Server: ECS (amb/6B74)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Location: https://static.ads-twitter.com/oct.js
Server-Timing: x-cache;desc= ,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=458844&conversionId=4376778&fmt=gif
https://px4.ads.linkedin.com/collect?pid=458844&conversionId=4376778&fmt=gif&e_ipv6=AQJRdKv4f84_GgAAAYIbccLu8n0NpTAzADmmqNKpKmj7jMg0WJ98xa_pd5JRBPRceYBYGw

43 B
248 B

196ms
195ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?pid=458844&conversionId=4376778&fmt=gif&e_ipv6=AQJRdKv4f84_GgAAAYIbccLu8n0NpTAzADmmqNKpKmj7jMg0WJ98xa_pd5JRBPRceYBYGw
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 11:50:16 GMT
content-encoding: gzip
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: CAC0764897E6415E90B4E93C7E7BA773 Ref B: AMS04EDGE3612 Ref C: 2022-07-20T11:50:16Z
linkedin-action: 1
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-type: image/gif
content-length: 65
x-li-uuid: AAXkOzRkPXivG0xiCXM+zQ==

Redirect headers

date: Wed, 20 Jul 2022 11:50:16 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: FB7864D2800345678E5344C220D3A844 Ref B: AMSEDGE0917 Ref C: 2022-07-20T11:50:16Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?pid=458844&conversionId=4376778&fmt=gif&e_ipv6=AQJRdKv4f84_GgAAAYIbccLu8n0NpTAzADmmqNKpKmj7jMg0WJ98xa_pd5JRBPRceYBYGw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXkOzRhRZ+SkT/kPXxhMQ==

GET
H2 200 adsct
t.co/i/ 43 B
101 B 120ms
120ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=1&event_id=a72a4ac7-cd75-495e-a14a-16d56dca9703&p_id=Twitter&p_user_id=0&pl_id=6d68b89c-280f-4a70-a260-bbe98df61b19&tw_document_href=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o64x0&type=javascript&version=2.4.15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 90
date: Wed, 20 Jul 2022 11:50:16 GMT
server: tsa_f
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: c97c5c95985d2b1be142825213c6a49691ce881c050d77c0dc8a4e32f16f7ac2
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
101 B 122ms
122ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=1&event_id=a72a4ac7-cd75-495e-a14a-16d56dca9703&p_id=Twitter&p_user_id=0&pl_id=6d68b89c-280f-4a70-a260-bbe98df61b19&tw_document_href=https%3A%2F%2Fwww.ekransystem.com%2Fen%2Fblog%2Freal-life-examples-insider-threat-caused-breaches%5Bhttps%3A%2F%2Ft.e2ma.net%2Fclick%2F3185dd%2F39qh1nj%2Fbksvfg&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o64x0&type=javascript&version=2.4.15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.ekransystem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 92
date: Wed, 20 Jul 2022 11:50:15 GMT
server: tsa_f
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: f83ed08818d08536fd3d227fd9970e0d531d77326a47c2688a46029010a5c090
content-length: 43

POST
H2 204 collect Show response
n.clarity.ms/ 0
48 B 107ms
107ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.6.36/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.ekransystem.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: https://www.ekransystem.com
date: Wed, 20 Jul 2022 11:50:16 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ekransystem.com/	1969-12-31 23:59:59	Name: has_js Value: 1
.ekransystem.com/	1970-01-20 06:48:13	Name: _gcl_au Value: 1.1.610233534.1658317815
.bing.com/	1970-01-20 14:00:13	Name: MUID Value: 0BB14FCB2F5D607D0F015E2C2E6C6163
.ekransystem.com/	1970-01-20 22:09:49	Name: _ga Value: GA1.2.1604840232.1658317815
.ekransystem.com/	1970-01-20 04:40:04	Name: _gid Value: GA1.2.1615049414.1658317815
.ekransystem.com/	1970-01-20 04:38:37	Name: _gat_UA-24043858-1 Value: 1
.ekransystem.com/	1970-01-20 04:40:04	Name: _uetsid Value: 1e8a8e60082211edba63731eb86aee4c
.ekransystem.com/	1970-01-20 14:00:13	Name: _uetvid Value: 1e8ab5b0082211ed9874c7656b0856c9
.ekransystem.com/	1970-01-20 22:09:49	Name: _lfa Value: LF1.1.0b01ba63602713fd.1658317815330
.doubleclick.net/	1970-01-20 14:00:13	Name: IDE Value: AHWqTUlMOoMm24Cns29BPbubJ7gDu_ng5IsPH0iwmhqLz407WB355kbjJTH2sfN8
.t.co/	1970-01-20 22:09:49	Name: muc_ads Value: 8d7977f8-3a3c-421e-ae04-5f7bc2d49fb4
.twitter.com/	1970-01-20 22:09:49	Name: personalization_id Value: "v1_Ftgbl/rdwLKgefK2bmDUNA=="
.ekransystem.com/	1970-01-20 06:48:13	Name: _fbp Value: fb.1.1658317815487.1609634507
.linkedin.com/	1970-01-20 05:21:49	Name: UserMatchHistory Value: AQLtvjjCqS6xQgAAAYIbcb6O3NeXAzmSSOSWQmTCXR1n3SV3hEaHzOoWhM8BEqr18XPksY16lQYG_Q
.linkedin.com/	1970-01-20 05:21:49	Name: AnalyticsSyncHistory Value: AQJ9M2Qph8ccnwAAAYIbcb6OLyIOJydWlOaSqd_24-Uu3QGPoC-z5WV0ycFqUTjWfGOFvTzYUPiKRHYVYOr15Q
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 22:10:31	Name: bcookie Value: "v=2&9110e7e0-4db1-445a-8e86-d6b8f5a4c4eb"
.linkedin.com/	1970-01-20 04:40:04	Name: lidc Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2442:u=1:x=1:i=1658317815:t=1658404215:v=2:sig=AQE2qEdOlK7ZHQ-y9rG0BA0wYUtgOqun"
www.clarity.ms/	1970-01-20 13:24:13	Name: CLID Value: e6ccba4b39354a7d9e5e84236ea43381.20220720.20230720
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=nl-nl
.www.linkedin.com/	1970-01-20 22:10:31	Name: bscookie Value: "v=1&20220720115015ea5a6a5f-63a8-4c34-8b3b-e47e632c69b9AQGL9HD4JPh8_jBF5jYX5rZfrdgqO2rx"
.linkedin.com/	1970-01-20 22:05:30	Name: li_gc Value: MTswOzE2NTgzMTc4MTU7MjswMjF8KKefAdhsyZjsqj+2a6hj4mPNGdZlgX8apuXYiufbpQ==
.ekransystem.com/	1970-01-20 13:24:13	Name: _clck Value: 4ahuej\|1\|f3b\|0
.ekransystem.com/	1970-01-20 08:57:49	Name: __hstc Value: 216735817.68d9eebe37a52aa14d1e896273c94e0c.1658317816442.1658317816442.1658317816442.1
.ekransystem.com/	1970-01-20 08:57:49	Name: hubspotutk Value: 68d9eebe37a52aa14d1e896273c94e0c
.ekransystem.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.ekransystem.com/	1970-01-20 04:38:39	Name: __hssc Value: 216735817.1.1658317816442
.ekransystem.com/	1970-01-20 04:40:04	Name: _clsk Value: vzbspn\|1658317816479\|1\|1\|n.clarity.ms/collect
.c.bing.com/	1970-01-20 14:00:13	Name: SRM_B Value: 0BB14FCB2F5D607D0F015E2C2E6C6163
.hubspot.com/	1970-01-20 04:38:39	Name: __cf_bm Value: wCk0Rm7IInHi7kK_ZaW_BprNRhEv8cBKvWKxMeCYFgc-1658317816-0-AUJdj/0gtLIne4y9xxrd2C32qyAMp1tITcirrO8FnmXzwzDXzyG+YXzXPtxHphlLpYcTlYsyM2zXIdb/mLD7mkk=
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 14:00:13	Name: MUID Value: 0BB14FCB2F5D607D0F015E2C2E6C6163
.c.clarity.ms/	1970-01-20 04:38:38	Name: ANONCHK Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches[https://t.e2ma.net/click/3185dd/39qh1nj/bksvfg Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
bat.bing.com
c.bing.com
c.clarity.ms
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
n.clarity.ms
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
sc.lfeeder.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tr.lfeeder.com
track.hubspot.com
www.clarity.ms
www.ekransystem.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.nl
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
104.244.42.67
104.244.42.69
13.107.42.14
172.217.18.98
18.66.122.75
199.232.136.157
20.234.93.27
2600:9000:225e:1200:1f:f723:6fc0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:4400::6812:21ab
2606:4700::6810:5605
2606:4700::6811:44b0
2606:4700::6811:82ab
2606:4700::6811:d4cc
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:27::cafe:1799
2620:1ec:c11::200
2a00:1450:4001:800::200e
2a00:1450:4001:806::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2004
2a00:1450:400c:c06::9a
2a00:1450:400e:80e::200a
2a02:26f0:3500:16::215:149b
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a06:98c1:3120::3
52.184.204.244
0fcff9391b8f4560e9bc64c28dcd9101f66de7b93676ea8cc254980567f663db
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
169654a2040e9f83c46d4cd65600c3dc9db6db042904c22cc97645fb4323c362
20171a2a7b7bfad928d596486d2cb6f08216455098270d69bc784d5993a7c654
21dcb758dab1eb82a503282eb5f702dfd571ba44af4018d4eda317d2d64a29e3
221b0e0a9ac78cd8a1baab5e554ff01ee96bd66afad3450677ac8c7aa78f1d0b
23734e52209fd0f65c4dd85d8b1368c1cf79c8b3e1071c3c001cbb14c9f3b78a
243c96f4fc86cf0eb8699a4c10d8ac3c7bfbd31591b0a68c138f4007319dcaeb
2a943e4b6b94341c5423fba09f224923d33cacf65ddbe2cef5e26b7a23907831
333035ddbc85a2ac50943b10a9531d5405f37b2fd490ccd310062db9857fcdd9
33a089450783bf5d007e2be542a23e3a0b1246ef986399bac808adb33949371a
44e2979ec577d9f4ffc9b383cc75095c343c3024e742fef886aa14a8a37ecc6b
4b9e209ee219b7fe43269cedbea351b36cb3efecfaf4441abcefea198db9b994
595434f0b2f741aeab1e88db6fdda74c5a906fce4b886dd014dcc0924c4eb0d0
59f34b34f48829a43f347e7685fa1bc2328c14640ec6df1dfde8d4c5b615efd3
5e0a88a680075dec852a87e3caa62bbb27bc77affb238de1778e1a8dca88e088
60ac8e50fbfe078a022ef4fe835719970b87b6b83d28d05174843b21a59ce674
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e164ad4aa1f1905c44c2e4e57088f313738d18320a99a7e6a984b862523d96d
797cc557a4293ab04b3a9d59ee6ef56134578f62c59511402c84bd23d50767b4
808c95d7dd523ce5c328d6111a358d210a7d25d61fc1024d549fbc1bcf806712
85350dee6ba59771f929818b768257e50234b6c34d3f05e0a92e91fbc4b19117
87e625a5f598b056032263d17b408579c6ed75d9f7a47497d0df1c8788514631
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b304c32dc60b0877b4ee178787120017782e75b733e19ede19df0129654d73f3
b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb
b6c9576a1174f5aad4796a44f557bc47c1c8c9d8baa9e255e045ecf74d14d2bd
bb5677bcd61703e98d4e275bee546ffa99a970f913b699a727398802da8d4c3d
c50007cdfc84b41ab831ebc6febfc325c15605e768770083c193f0eac9801307
c72bce44e6647c0e558aa2a1c4333be825215893b23df574b06438b53d8381a1
d420eee29f5fba4010c5e38e0a2820fe099c592ea07a53aa425a8ae862a69a3e
d4d9e0751276161ff1360ea3af7baa5fb6828dc375e927b9f03dd90a4989dcf8
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
ddd4949c87bb5202b6c262aeff50607e83e5980204c692443fbdbc7e7b04a67d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8aff6a8426e2182081c0e696ff05c3b10eeb43716fe56bbc9f8b3b3069c6736
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff8efff21698ed3cb641b684e095d3402072507a3d92e8103a2175630ab72c5b

www.ekransystem.com Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

67 Requests

94 %HTTPS

75 %IPv6

25 Domains

34 Subdomains

30 IPs

4 Countries

922 kBTransfer

2631 kBSize

33 Cookies

9 Outgoing links

Redirected requests

67 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.ekransystem.com Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

67
Requests

94 %
HTTPS

75 %
IPv6

25
Domains

34
Subdomains

30
IPs

4
Countries

922 kB
Transfer

2631 kB
Size

33
Cookies

67 HTTP transactions
0 data transactions