www.huntress.com Open in urlscan Pro
34.249.200.254 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Effective URL:
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Submission: On April 05 via api (April 5th 2024, 12:17:52 pm UTC) from US — Scanned from DE

Summary HTTP 152 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 65 IPs in 5 countries across 49 domains to perform 152 HTTP transactions. The main IP is 34.249.200.254, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 296426.
TLS certificate: Issued by R3 on March 15th 2024. Valid for: 3 months.

This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	34.249.200.254 34.249.200.254	16509 (AMAZON-02) (AMAZON-02)
21	2600:9000:21f... 2600:9000:21f3:2800:12:9e5f:cac0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
13	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.111.224.162 34.111.224.162	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.1.91 151.101.1.91	54113 (FASTLY) (FASTLY)
5	104.16.85.20 104.16.85.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	140.82.121.3 140.82.121.3	36459 (GITHUB) (GITHUB)
1	18.244.20.40 18.244.20.40	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:8dd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	76.76.21.61 76.76.21.61	16509 (AMAZON-02) (AMAZON-02)
4	76.76.21.241 76.76.21.241	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	18.245.86.87 18.245.86.87	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	185.199.110.154 185.199.110.154	54113 (FASTLY) (FASTLY)
8	2600:9000:235... 2600:9000:235a:0:11:3b84:d200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1490	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	162.159.153.247 162.159.153.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1 4	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:440... 2606:4700:4400::ac40:90e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	3.65.91.158 3.65.91.158	16509 (AMAZON-02) (AMAZON-02)
1	18.66.102.11 18.66.102.11	16509 (AMAZON-02) (AMAZON-02)
1	18.245.46.122 18.245.46.122	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:223... 2600:9000:223c:b400:9:d7d4:1380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.45.52.13 52.45.52.13	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:20:... 2606:4700:20::681a:1ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4cba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8911	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6efe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e3a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
2	142.250.185.206 142.250.185.206	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.32.27.54 13.32.27.54	16509 (AMAZON-02) (AMAZON-02)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	54.71.94.159 54.71.94.159	16509 (AMAZON-02) (AMAZON-02)
2	34.159.227.151 34.159.227.151	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	3.230.6.246 3.230.6.246	14618 (AMAZON-AES) (AMAZON-AES)
2	2a02:26f0:480... 2a02:26f0:480:23::1726:62a7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.18.160.125 104.18.160.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.239.249 104.17.239.249	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	18.66.147.59 18.66.147.59	16509 (AMAZON-02) (AMAZON-02)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	104.16.137.15 104.16.137.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
152	65

1 34.249.200.254 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

www.huntress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:9000:21f3:2800:12:9e5f:cac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets-global.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.224.162 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 162.224.111.34.bc.googleusercontent.com

js.na.chilipiper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.91 (United States)

ASN54113 (FASTLY, US)

client-registry.mutinycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.85.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 140.82.121.3 (Frankfurt am Main, Germany)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-3-fra.github.com

gist.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.20.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-20-40.fra56.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8dd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.76.21.61 (Walnut, United States)

ASN16509 (AMAZON-02, US)

tools.refokus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.76.21.241 (Walnut, United States)

ASN16509 (AMAZON-02, US)

hubspotonwebflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-87.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.110.154 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-110-154.github.com

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:235a:0:11:3b84:d200:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1490 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.153.247 (None, )

ASN13335 (CLOUDFLARENET, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:90e1 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.65.91.158 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-91-158.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-11.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.46.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-122.fra56.r.cloudfront.net

cdn.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:b400:9:d7d4:1380:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.52.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-52-13.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:1ad (United States)

ASN13335 (CLOUDFLARENET, US)

huntresscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4cba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8911 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6efe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e3a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f14.1e100.net

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.71.94.159 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-71-94-159.us-west-2.compute.amazonaws.com

api-gw.metadata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.159.227.151 (Frankfurt am Main, Germany)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 151.227.159.34.bc.googleusercontent.com

webhooks.fivetran.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.230.6.246 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-6-246.compute-1.amazonaws.com

api.neverbounce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:23::1726:62a7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.160.125 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.239.249 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.21 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-59.fra60.r.cloudfront.net

rc-widget-frame.js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.137.15 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	website-files.com assets-global.website-files.com — Cisco Umbrella Rank: 6404 assets.website-files.com — Cisco Umbrella Rank: 12236	1 MB
15	6sc.co j.6sc.co — Cisco Umbrella Rank: 5872 c.6sc.co — Cisco Umbrella Rank: 9222 ipv6.6sc.co — Cisco Umbrella Rank: 5999 b.6sc.co — Cisco Umbrella Rank: 3952	41 KB
8	github.com gist.github.com — Cisco Umbrella Rank: 47212	47 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 744 i.clarity.ms — Cisco Umbrella Rank: 5954 c.clarity.ms — Cisco Umbrella Rank: 1368	28 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 320 www.linkedin.com — Cisco Umbrella Rank: 581 px4.ads.linkedin.com — Cisco Umbrella Rank: 6476	4 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2903	11 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 3274 google.com — Cisco Umbrella Rank: 1	1 KB
5	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 332	23 KB
4	metadata.io cdn.metadata.io — Cisco Umbrella Rank: 8728 api-gw.metadata.io — Cisco Umbrella Rank: 22743	4 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 329 c.bing.com — Cisco Umbrella Rank: 234	16 KB
4	hubspotonwebflow.com hubspotonwebflow.com — Cisco Umbrella Rank: 40567	26 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 7030	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2328	17 KB
3	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4384 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4304 track.hubspot.com — Cisco Umbrella Rank: 2436	27 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 25666 ibc-flow.techtarget.com — Cisco Umbrella Rank: 23023	2 KB
3	neverbounce.com cdn.neverbounce.com — Cisco Umbrella Rank: 61674 api.neverbounce.com — Cisco Umbrella Rank: 125133	30 KB
3	youtube.com www.youtube.com — Cisco Umbrella Rank: 71	69 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	289 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4737	2 KB
2	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4459 perf-na1.hsforms.com — Cisco Umbrella Rank: 4655	2 KB
2	fivetran.com webhooks.fivetran.com — Cisco Umbrella Rank: 119599	325 B
2	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1323	712 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4730 forms.hscollectedforms.net — Cisco Umbrella Rank: 4806	26 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 780 script.hotjar.com — Cisco Umbrella Rank: 1035	59 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	72 KB
2	quora.com a.quora.com — Cisco Umbrella Rank: 6165 q.quora.com — Cisco Umbrella Rank: 4397	15 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1210	10 KB
2	driftt.com js.driftt.com — Cisco Umbrella Rank: 5980 rc-widget-frame.js.driftt.com — Cisco Umbrella Rank: 105566	60 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2558	2 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 497	702 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 99	274 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 816	727 B
1	t.co t.co — Cisco Umbrella Rank: 663	377 B
1	google.de www.google.de — Cisco Umbrella Rank: 7528	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 96	255 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3287	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5217	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2311	22 KB
1	huntresscdn.com huntresscdn.com — Cisco Umbrella Rank: 6003	112 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 7771	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 787	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 811	17 KB
1	githubassets.com github.githubassets.com — Cisco Umbrella Rank: 9017	11 KB
1	gstatic.com www.gstatic.com	201 KB
1	refokus.com tools.refokus.com — Cisco Umbrella Rank: 51727	1 KB
1	cloudfront.net d3e54v103j8qbb.cloudfront.net	30 KB
1	mutinycdn.com client-registry.mutinycdn.com — Cisco Umbrella Rank: 18985	17 KB
1	chilipiper.com js.na.chilipiper.com — Cisco Umbrella Rank: 239680	25 KB
1	huntress.com www.huntress.com — Cisco Umbrella Rank: 296426	31 KB
152	49

	Domain	Requested by
21	assets-global.website-files.com	www.huntress.com
8	assets.website-files.com	assets-global.website-files.com
8	gist.github.com	www.huntress.com
7	b.6sc.co
6	tags.srv.stackadapt.com	www.huntress.com tags.srv.stackadapt.com
5	cdn.jsdelivr.net	www.huntress.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	hubspotonwebflow.com	www.huntress.com hubspotonwebflow.com
4	j.6sc.co	www.huntress.com j.6sc.co www.googletagmanager.com
3	js.zi-scripts.com	www.huntress.com js.zi-scripts.com
3	i.clarity.ms	www.clarity.ms
3	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.huntress.com
3	www.youtube.com	www.huntress.com www.googletagmanager.com www.youtube.com
3	www.googletagmanager.com	www.huntress.com www.googletagmanager.com
3	www.google.com	www.huntress.com www.gstatic.com
2	ws.zoominfo.com	js.zi-scripts.com
2	c.clarity.ms	1 redirects
2	ipv6.6sc.co	j.6sc.co
2	c.6sc.co	j.6sc.co
2	api.neverbounce.com	cdn.neverbounce.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	webhooks.fivetran.com	huntresscdn.com
2	api-gw.metadata.io	cdn.metadata.io
2	ibc-flow.techtarget.com	trk.techtarget.com
2	alb.reddit.com	www.huntress.com
2	google.com	www.googletagmanager.com
2	cdn.metadata.io	www.huntress.com
2	connect.facebook.net	www.huntress.com connect.facebook.net
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	js.hs-scripts.com	www.huntress.com assets-global.website-files.com
1	c.bing.com	1 redirects
1	track.hubspot.com
1	rc-widget-frame.js.driftt.com	js.driftt.com
1	secure.adnxs.com	j.6sc.co
1	perf-na1.hsforms.com	www.huntress.com
1	forms.hsforms.com	www.huntress.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	www.facebook.com	www.huntress.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	www.huntress.com
1	www.linkedin.com	1 redirects
1	analytics.twitter.com	www.huntress.com
1	t.co	www.huntress.com
1	www.google.de	www.huntress.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	huntresscdn.com	www.huntress.com
1	q.quora.com	www.huntress.com
1	trk.techtarget.com	www.huntress.com
1	cdn.neverbounce.com	www.googletagmanager.com
1	static.hotjar.com	www.huntress.com
1	tracking.g2crowd.com	www.huntress.com
1	static.ads-twitter.com	www.googletagmanager.com
1	a.quora.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	github.githubassets.com	gist.github.com
1	js.driftt.com	www.huntress.com
1	www.gstatic.com	www.google.com
1	tools.refokus.com	www.huntress.com
1	d3e54v103j8qbb.cloudfront.net	www.huntress.com
1	client-registry.mutinycdn.com	www.huntress.com
1	js.na.chilipiper.com	www.huntress.com
1	www.huntress.com
152	70

This site contains links to these domains. Also see Links.

Domain
huntress.io
support.huntress.io
assets-global.website-files.com
www.facebook.com
twitter.com
www.linkedin.com
www.reddit.com
www.connectwise.com
gist.github.com
github.com
learn.microsoft.com

Subject Issuer	Validity	Valid
www.huntress.com R3	`2024-03-15` - `2024-06-13`	3 months	crt.sh
*.website-files.com Amazon RSA 2048 M03	`2023-09-11` - `2024-10-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
6sc.co R3	`2024-01-29` - `2024-04-28`	3 months	crt.sh
chilipiper.com GoGetSSL RSA DV CA	`2024-02-05` - `2025-03-07`	a year	crt.sh
client-registry.mutinycdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-06` - `2025-04-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.github.com Sectigo ECC Domain Validation Secure Server CA	`2024-03-07` - `2025-03-07`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
hs-scripts.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
tools.refokus.com R3	`2024-02-20` - `2024-05-20`	3 months	crt.sh
*.hubspotonwebflow.com R3	`2024-03-15` - `2024-06-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
*.githubassets.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-28` - `2024-09-27`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2024-07-06`	6 months	crt.sh
quora.com R3	`2024-02-18` - `2024-05-18`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2024-04-04` - `2024-06-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-01-13` - `2024-04-12`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
neverbounce.com Amazon RSA 2048 M03	`2024-01-29` - `2025-02-25`	a year	crt.sh
*.metadata.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-29` - `2025-01-28`	a year	crt.sh
*.quora.com R3	`2024-03-10` - `2024-06-08`	3 months	crt.sh
huntresscdn.com Cloudflare Inc ECC CA-3	`2023-05-10` - `2024-05-09`	a year	crt.sh
hsleadflows.net E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
hscollectedforms.net E1	`2024-03-29` - `2024-06-27`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2024-03-10` - `2024-06-08`	3 months	crt.sh
webhooks.fivetran.com R3	`2024-03-28` - `2024-06-26`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.drift.com Amazon RSA 2048 M01	`2023-07-03` - `2024-07-31`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-03-29` - `2024-06-27`	3 months	crt.sh
zoominfo.com E1	`2024-03-22` - `2024-06-20`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Frame ID: 7B9F558C6F961F58B15F80BDBBFDBFAF
Requests: 142 HTTP requests in this frame

Frame: https://www.youtube.com/embed/AWGoGO5jnvY?si=QVZ66js3CVQEZlVY
Frame ID: 89B64975F053510A7A41A6F396ABB70A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=qu6dxw6gfnz7
Frame ID: 3AABF2B843AE054EF64D46A629FB087F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC
Frame ID: 097CD7AB8CDA2B652C1A513ED8F951C0
Requests: 1 HTTP requests in this frame

Frame: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=030959fa-d74b-494d-9588-8baa4aa03e5f&sessionStarted=1712319467.768&campaignRefreshToken=2818b29d-b8c3-47b4-b43b-d084426f4aac&pageLoadStartTime=1712319465808&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Frame ID: 4E72C5F983B8D055F6548B0562BE50DF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 | Huntress Blog

Page URL History Show full URLs

http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authenticatio... HTTP 307
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authenticatio... Page URL

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

152
Requests

98 %
HTTPS

44 %
IPv6

49
Domains

70
Subdomains

65
IPs

5
Countries

2949 kB
Transfer

7337 kB
Size

65
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://huntress.io/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.huntress.io/hc/en-us
Title: Support Documentation

Search URL Search Domain Scan URL

URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/6598317ed13aaee7ad5b2b9b_CascadeTechnologies-CaseStudy.pdf

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Search URL Search Domain Scan URL

URL: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Title: security advisory

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964/raw/b5a20fc9f6755de41955d529f85f39d11e77fb6d/gistfile1.txt
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964#file-gistfile1-txt
Title: gistfile1.txt

Search URL Search Domain Scan URL

URL: https://github.com/
Title: GitHub

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8/raw/2f12bda8ae4e324be4451ed2c04d3a23b52b4c62/SetupWizard.aspx.diff
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8#file-setupwizard-aspx-diff
Title: SetupWizard.aspx.diff

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/dotnet/api/system.web.httprequest.path?view=netframework-4.8.1
Title: MSDN documentation

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/ca3824104f47498768a5ccee49af95b3/raw/9e7333b7945ca8b5b5298c80cf72e04bef4ed69d/ScreenConnect.Core.dll.cs.diff
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/ca3824104f47498768a5ccee49af95b3#file-screenconnect-core-dll-cs-diff
Title: ScreenConnect.Core.dll.cs.diff

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/16b19436045484ccf2aad539f31271ea/raw/9fee111c21c06f99b0896cdb5d8be1d36455265b/ScreenConnect.Server.dll.cs.diff
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/16b19436045484ccf2aad539f31271ea#file-screenconnect-server-dll-cs-diff
Title: ScreenConnect.Server.dll.cs.diff

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4663
Title: Windows Event ID 4663

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/65cee24bc949be53e6744a84e78b7239/raw/50a4cb25e8d25b94b79a79f4bcaa807274ed506a/SetupWizard_sigma_rule.yml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/65cee24bc949be53e6744a84e78b7239#file-setupwizard_sigma_rule-yml
Title: SetupWizard_sigma_rule.yml

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/4bffa96fe54aa6c1cb35509e9d7ad0b1/raw/20ed93cac337bbb9cb085161e8bc36ed02d2b669/ScreenConnect_modification_sigma_rule.yml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/4bffa96fe54aa6c1cb35509e9d7ad0b1#file-screenconnect_modification_sigma_rule-yml
Title: ScreenConnect_modification_sigma_rule.yml

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/e07caff1b2d4526b7fabbecd63784258/raw/bebf1b7546a1b785990563fd424e076cccdc1360/SetupWizard_IIS_log.yara
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/e07caff1b2d4526b7fabbecd63784258#file-setupwizard_iis_log-yara
Title: SetupWizard_IIS_log.yara

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/d6b7b067b300770636a585e1b42eddc7/raw/5c08f7ed85d99e1a20206500c353c681e29ffcbd/App_Extensions_sigma_rule.yml
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/JohnHammond/d6b7b067b300770636a585e1b42eddc7#file-app_extensions_sigma_rule-yml
Title: App_Extensions_sigma_rule.yml

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass HTTP 307
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 93

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1712319466723%26li_adsId%3De7405581-8181-4168-a995-21855b4c66a0%26url%3Dhttps%253A%252F%252Fwww.huntress.com%252Fblog%252Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true&e_ipv6=AQLlPXZxlUnxVwAAAY6uMY97ATYxfr8ymtFF8K-i4tk5vb-SUZIY-PIiXp3AyNZP1kAl9VtRIpz8

Request Chain 136

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4D4863E7F13543939D822729BA1E1558&RedC=c.clarity.ms&MXFR=0E0F8C5B875C605F07D89803835C6E5B HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D4863E7F13543939D822729BA1E1558&MUID=092AD1E4FD6869EB3E41C5BCFCC468B6

152 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Show response
www.huntress.com/blog/
Redirect Chain

http://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

128 KB
31 KB

268ms
93ms

Document
text/html

34.249.200.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.249.200.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7e6099f8d59d29c1446e0d06b18e6213da825582d128799560094a5ecdfae5a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 52836
content-encoding: gzip
content-length: 31045
content-security-policy: frame-ancestors 'self'
content-type: text/html
date: Fri, 05 Apr 2024 12:17:45 GMT
referrer-policy: origin
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cluster-name: eu-west-1-prod-hosting-red
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-lambda-id: d2065e3a-b2a6-43a5-9e3e-8672cad7a8fb
x-served-by: cache-iad-kcgs7200177-IAD, cache-dub4324-DUB
x-timer: S1712319466.734516,VS0,VE1
x-xss-protection: 1; mode=block

Redirect headers

Location: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 huntress-new.4fa7a55b5.min.css
assets-global.website-files.com/6579dd0b5f9a54376d296915/css/ 348 KB
57 KB 73ms
25ms Stylesheet
text/css 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f17723e05ced08cbee817fc6c8327965f4fcd1f32aea681868acc75218330462

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: mTUio.8pA_d2FE7h0xC_KHc4n4mW9bao
content-encoding: gzip
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 21:16:02 GMT
age: 55305
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 58223
last-modified: Wed, 03 Apr 2024 21:22:45 GMT
server: AmazonS3
etag: "34bd9d5b7a239b21730e7cd3eb2119b4"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 467Z5_moGm4IvwJEIbXNnlQcapRw9SKS_NQa2-a8MMn6WUA-DJEWvQ==

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
856 B 76ms
31ms Script
text/javascript 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

0eb1d1903c6765eb52f6fba4dd782620116b398b8f11de986533eafcd838b616

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 05 Apr 2024 12:17:45 GMT

GET
H2 200 8769192b-20ba-4df2-8d62-2740a805c3e8.js Show response
j.6sc.co/j/ 1002 B
911 B 491ms
404ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 215162d385055d4248ce3810f5294fb0e1a857b2b18997d00805ca98f480fc79

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: UrRvP5epIIYMFKpHnUIiG3eAjq1aSOQ0
content-encoding: gzip
date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 511
pragma: no-cache
last-modified: Mon, 04 Dec 2023 23:24:23 GMT
server: AmazonS3
etag: "c6115ff14d497b0e4a2d9c497d7ad5d9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: yj9X6OG9Eyio8eDZ4797lLpehV6U3z8ufAwPYEsB3PrATmu8sNvkrQ==
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2 200 marketing.js Show response
js.na.chilipiper.com/ 73 KB
25 KB 206ms
137ms Script
application/javascript 34.111.224.162
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://js.na.chilipiper.com/marketing.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.224.162 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

162.224.111.34.bc.googleusercontent.com

Software

Resource Hash

02c65a6d1cdc752f31b0be2157d9c6f65e72c7f3e781eea941bd848caf8a332e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: data: wss://.chilipiper.com wss://.chilipiper.io wss://.chilipiper.cool wss://.chilipiper.team https://.chilipiper.com https://.chilipiper.io https://.chilipiper.cool https://.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://.rollout.io https://.facebook.com https://.marketo.com https://.mixpanel.com https://.hubspot.com https://.pardot.com https://.getdrip.com https://.google.com https://.googleapis.com https://.hsforms.net https://.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://.intercom.io https://.mutinycdn.com https://.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.bugsnag.com https://zoom.us https://.gotomeeting.com https://.rollout.io https://.codox.io https://cdn.tiny.cloud https://js.stripe.com https://.zdassets.com https://.zendesk.com https://.zopim.com wss://chilipiper.zendesk.com wss://.zopim.com https://.googleusercontent.com https://.facebook.net https://.doubleclick.net https://.licdn.com https://.googleadservices.com https://.digitaloceanspaces.com https://.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://.lr-in-prod.com https://polyfill.io https://.planhat.com https://.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src data: blob: 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' blob: data: wss://.chilipiper.com wss://.chilipiper.io wss://.chilipiper.cool wss://.chilipiper.team https://.chilipiper.com https://.chilipiper.io https://.chilipiper.cool https://.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://.rollout.io https://.facebook.com https://.marketo.com https://.mixpanel.com https://.hubspot.com https://.pardot.com https://.getdrip.com https://.google.com https://.googleapis.com https://.hsforms.net https://.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://.intercom.io https://.mutinycdn.com https://.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.bugsnag.com https://zoom.us https://.gotomeeting.com https://.rollout.io https://.codox.io https://cdn.tiny.cloud https://js.stripe.com https://.zdassets.com https://.zendesk.com https://.zopim.com wss://chilipiper.zendesk.com wss://.zopim.com https://.googleusercontent.com https://.facebook.net https://.doubleclick.net https://.licdn.com https://.googleadservices.com https://.digitaloceanspaces.com https://.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://.lr-in-prod.com https://polyfill.io https://.planhat.com https://.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src data: blob: 'unsafe-inline';
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
via: 1.1 google
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 0
content-security-policy: default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22403
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Mon, 19 Feb 2024 02:04:51 GMT
etag: W/"65d2b743-122e0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=60, must-revalidate
x-cache-hit: revalidated
x-content-security-policy: default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';

GET
H2 200 c9c27905c1e445d6.js Show response
client-registry.mutinycdn.com/personalize/client/ 52 KB
17 KB 90ms
23ms Script
application/javascript 151.101.1.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://client-registry.mutinycdn.com/personalize/client/c9c27905c1e445d6.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 037a17512985e112e6b64b0534e3953dfca28420d2cab55f7771a7dd22a79918

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: rm7CCdEnzkQDMM8OaKvaUoqsUvl3R5ky
x-continent-code: EU
content-encoding: gzip
date: Fri, 05 Apr 2024 12:17:45 GMT
via: 1.1 varnish
x-edge-region: EU-East
x-amz-request-id: 6MDPMTBEPVBHS77Q
age: 804
x-amz-server-side-encryption: AES256
x-cache: HIT
x-edge-datacenter: FRA
content-length: 16796
x-amz-id-2: nHLFf0pacrMt8SB8lPay9cHY7V8rCNUHTID6055wi4+44YP0EQ+v4yOPB0STkKNK26uNwo27qWQ=
x-served-by: cache-fra-etou8220097-FRA
x-connection-speed: broadband
last-modified: Thu, 04 Apr 2024 18:45:37 GMT
server: AmazonS3
etag: "69ed807655696293abd69dd989387f9c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=3600, max-age=0
vary: X-Continent-Code, Accept-Encoding
accept-ranges: bytes
x-country-code: DE
x-cache-hits: 1

GET
H3 200 slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 2 KB
1 KB 64ms
30ms Stylesheet
text/css 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1975491
x-jsd-version: 1.8.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220022-FRA, cache-lga21974-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pnmx7U5deDC3v8PIck84dfYJCfCi5FEu34QiXRsp1Zt20vimsQ6M%2BEgyu4Rxf2WsbO7nIalVRXdXwYvoSEGLpfarqGlGLjq8IXRboxediUPczi2dLmze01XSJmujZdY8qTk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86f97a1598a79049-FRA

GET
H3 200 index.umd.min.js Show response
cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/ 5 KB
3 KB 67ms
33ms Script
application/javascript 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-button-click-tracking@latest/dist/index.umd.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66110db15bc55fa902401f14c8f25083dd0f7cfde33de392631a20f77312d017

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 404
x-jsd-version: 3.23.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2045
x-served-by: cache-fra-etou8220149-FRA, cache-lga21943-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"1257-XGh/u0oT7hTbaQXf16hjV3fN0OU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FkHVHsvYLlFuURStREUfyony5WYrY4CzT7%2FArjfcBU7f%2FoV4%2F9C4tbbfbtw6ugm8GrEZ%2F76e4gBMd6R1TjDSJteALFTN8jCcqPU5YbSdqqXRQQabSKCGsZ6Jk4J6rsqTO64%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86f97a1598a99049-FRA

GET
H3 200 richtext.js Show response
cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/ 8 KB
4 KB 34ms
31ms Script
application/javascript 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 22607
x-jsd-version: 1.10.2
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220054-FRA, cache-lga21953-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"2147-I41v+oq443LPQB6aPqMil27q9QY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HKtHnrT5KakWyZnJEZUf5bQavBYFJvcoyzjaXNB58czUBILY0HcArHgPaypWHwmJ94SeCkRjUFqpAEE2l%2Fgh2pg43subMCuqgK8N9m5xVMZVuNonpkSeUQHUzoTwQaXlnyY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 86f97a187aee9049-FRA

GET
H2 200 65f75020c99f25928927347f_banner-blue-halo.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 23 KB
23 KB 97ms
50ms Image
image/webp 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/65f75020c99f25928927347f_banner-blue-halo.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 889e4055351e629718cc9647a7f696cb4fb1e246bcf29bd25e2f8ce5105c27b5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 17 Mar 2024 21:08:05 GMT
x-amz-version-id: VQxidV2D7M0v1MjkNARxPZzB4FkcrZg4
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 1609781
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 23574
last-modified: Sun, 17 Mar 2024 20:18:41 GMT
server: AmazonS3
etag: "cd3521a7574865352fcc31cd4d968864"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: kcoHsLKGfZEkOgerhi7_1PK85wKdjQ2Vygv3X94ty1V6bWshGWRxmQ==

GET
H2 200 655d92689c415e9fefcf2400_Hero-grapic-right-02.png
assets-global.website-files.com/655d92689c415e9fefcf2368/ 5 KB
5 KB 100ms
53ms Image
image/png 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a1e79865576e220b93dfe34d011286a8335ee8ac4eb6450300fb45a4f15a600e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 05:44:52 GMT
x-amz-version-id: ds4He9jpqLhVudpNkauPNw12aaYIjxRr
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 8404373
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 5002
last-modified: Wed, 22 Nov 2023 05:32:26 GMT
server: AmazonS3
etag: "d360d7cfb07b3fdc3fbc56204caa4c06"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: VK465-0elNQjbkn-4wVu4px_Him6D6LbtSw9u412sELe7mbEAx9Y1g==

GET
H2 200 6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 7 KB
7 KB 22ms
22ms Image
image/webp 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f3642cd8faa981a6b7f71cb0bd88a222ed7c92510100761c38f4bfd689853f2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: .9LTfep43eO88TqIHc3WnYAIb3vaJe3A
date: Fri, 05 Apr 2024 04:38:27 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 32321
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 6778
last-modified: Thu, 21 Dec 2023 07:39:51 GMT
server: AmazonS3
etag: "2deea30793899f56a236f1ba505155ab"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: Eb1bUU03fn3opOAl6l5Yd1tvKPTCAaaKhYhzdvC1z7sGHZErRhlDmw==

GET
H2 200 6579dd0b5f9a54376d296a5b_facebook.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 368 B
827 B 22ms
21ms Image
image/svg+xml 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f2314da0b26cc727445f74c19d54f2f75944ea1a610497231ba6a5d9e541acf0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 18:39:42 GMT
x-amz-version-id: RZplueeOMT9I2ezQMMUJ8cw13HoQeV5p
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 8530684
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 368
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "b92a7c9703a268bda64464e9f8c245fd"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 73waxK-qlbNS175QAOiRhjjj5PxyY062b6eryhyj6gXD9YZpYAHEYw==

GET
H2 200 6579dd0b5f9a54376d296a6f_twitter.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 351 B
809 B 26ms
26ms Image
image/svg+xml 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 553797b86e5516ebb3b4a6ffc794d7d9eca1fc1f3ca8ab0703e5eff9934e29c8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 19:08:05 GMT
x-amz-version-id: qTS56BoR0gVqfX6mJuOtV4Wu10z6D4RY
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 8528981
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 351
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "e0a4b7f37d6875804665234ecff1cb23"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: VEBO-5L4FvLydfgu9LtLeN7Y9B5gGDbV8VaEQukLfRnPF2Wi1BSxsA==

GET
H2 200 6579dd0b5f9a54376d296a70_linkedin.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 675 B
1 KB 65ms
60ms Image
image/svg+xml 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f0f089b8d2746c56340171bba62f027d4d2dc0f520588d9480432693381e14a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 14:16:16 GMT
x-amz-version-id: mMxIOUbXDP4hW6NdJCWI58VrmvAg.At1
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 8373691
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 675
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "67b0ebebe9b8817edbfa41bdfd2e8c6e"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: ECruRMhczZpk7yUz1zv2oNPYnk75wRthBTbEpxyerqnLmj7zkYe2bg==

GET
H2 200 6579dd0b5f9a54376d296a5a_download.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 820 B
1 KB 65ms
61ms Image
image/svg+xml 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 350cf9ff67297ce9f79b1a35fb7205326d21f149ab404f81ec875968f0b7d083

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 14:16:16 GMT
x-amz-version-id: 5Ss_XSS0A3iWbPuuBVg7J8jICwbGfHO4
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 8373691
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 820
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: "8d8c0614e1e224001d7c6dec535490b1"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: -2bGHQCLmoc3P03kmlwgdNQxxOHt6sG47u2Ftzbk-9HC0qkFZP1psg==

GET
H2 200 6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 2 KB
2 KB 66ms
61ms Image
image/webp 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a71_Blog%20banner%20Thumb%20Glitch%20Left.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1402811141d6cf6956918acd3398468bd385081a50b90a5d251fe7a3312c0801

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: X1oARd.5yRkM1108eqnTnHXez5VJo2XZ
date: Fri, 05 Apr 2024 02:00:47 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 37020
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1996
last-modified: Thu, 21 Dec 2023 07:39:50 GMT
server: AmazonS3
etag: "8a941746cf0b15b4b601f10dac732f1c"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 2MgGU02S9E3EpR1wMsXi2ps9BN--TECK83uaDCZE8p9K3XRaRa7lZQ==

GET
H2 200 fac42eefb1bb137d1d8b5707d67d6964.js Show response
gist.github.com/JohnHammond/ 13 KB
6 KB 263ms
167ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

bbfae0a3b7da32ea92fc730b3a357f2aa5b39b596f4711a8c02ed2d901d12fb7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1898
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EDFE7:376C4D9:660FEBEA
etag: W/"bbfae0a3b7da32ea92fc730b3a357f2a"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 a1bf6c78769ea253e43326ca23d3c2b8.js Show response
gist.github.com/JohnHammond/ 7 KB
6 KB 239ms
169ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/a1bf6c78769ea253e43326ca23d3c2b8.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

a161369b576860ce9654480562ba1ddeafe81f9ad5ee8f7db2fb00f4892a4b8f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1644
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EDFE6:376C4D8:660FEBEA
etag: W/"a161369b576860ce9654480562ba1dde"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 65d558784370931755195cac_VOF-6GVi8aXEkUnXg6QMpJKg-y8tK8X8wOzr8vpiZr_zsnrQ1-UW6sUxmPiI-pnhlH9p0AaCEsGVqrqIPEEjzdtn1RgshZH8XoaYV118B5SJaZlF4D_KSNMJszRFzGhxjQnjBtSdwnhn786MYYrs8PI.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 431 KB
432 KB 67ms
62ms Image
image/png 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d558784370931755195cac_VOF-6GVi8aXEkUnXg6QMpJKg-y8tK8X8wOzr8vpiZr_zsnrQ1-UW6sUxmPiI-pnhlH9p0AaCEsGVqrqIPEEjzdtn1RgshZH8XoaYV118B5SJaZlF4D_KSNMJszRFzGhxjQnjBtSdwnhn786MYYrs8PI.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6de8eff2f2f46b4d3e24716caa22af17db498dfbbc0ae5e984d7ea8b098f7d8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:41:57 GMT
x-amz-version-id: v71bzVi68kUfwlP2si3pxThQxfSbrhOh
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 48949
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 441368
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "8cf7ad894b14452a1f39733cbcb60e63"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: rAy1Ijz6cjAGrl1_uSKR-W7UQcrFoNTvKnlDnDYwadOQvBTjBhTbKw==

GET
H2 200 65d5587895aab08ada261523_5o-p55Z5UH6spdxDIaiuiwTL9pVNZXaiwYCUp_mSsxn5z2xDpK5Gw_o-o3ftPbQ7VWbSHYopNTqSimVy3lDSLfLGwHVzAfoGW9N1HJWh2dZFb5cpxoqI6tiihUgtb81vYtMTJUT6-f3byU3q8g8krbU.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 51 KB
51 KB 433ms
429ms Image
image/png 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d5587895aab08ada261523_5o-p55Z5UH6spdxDIaiuiwTL9pVNZXaiwYCUp_mSsxn5z2xDpK5Gw_o-o3ftPbQ7VWbSHYopNTqSimVy3lDSLfLGwHVzAfoGW9N1HJWh2dZFb5cpxoqI6tiihUgtb81vYtMTJUT6-f3byU3q8g8krbU.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4e938e5b4fe364bd2d00ec08067f98aa54b1398df28287257b8434012ff20033

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 6jQ5D_RGwWcrzEAPJSWxDsiDOzmQIgzE
date: Fri, 05 Apr 2024 12:17:47 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
content-length: 51779
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "b3334d2b33ad117de65ee35d5c959a07"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: leTmIaT9J6NN-WzTNzgDn0cwZuFQZjQF0jvW-MjsIw-Vlfm0sk4kuQ==

GET
H2 200 65d55879cb2af12170f04f97_Es0JkQJKuG-5DjiEiOOfDGEQKAHS8dBwPDRCXqlN72QDQ733637nICPRUkYkJ6TA3JyCaZFTEw5a6dezq4jWGGXwyhFfOG4mpm40MNYMWR7rH-OXO8tepHjgTJbWCQUwRWt0TQ79MJbSTcioXS5mWkQ.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 257 KB
258 KB 91ms
86ms Image
image/png 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d55879cb2af12170f04f97_Es0JkQJKuG-5DjiEiOOfDGEQKAHS8dBwPDRCXqlN72QDQ733637nICPRUkYkJ6TA3JyCaZFTEw5a6dezq4jWGGXwyhFfOG4mpm40MNYMWR7rH-OXO8tepHjgTJbWCQUwRWt0TQ79MJbSTcioXS5mWkQ.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 67786077050307fcffb9795d3f5fd2a2e5d3956e692181609fee98693604d321

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 22:41:57 GMT
x-amz-version-id: mm_tv6ya.xbyiKsK3wBuhJlKMytTlvWx
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 48949
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 262979
last-modified: Wed, 21 Feb 2024 01:57:15 GMT
server: AmazonS3
etag: "fe66f6692ba22e7b01168f78fdbe06ca"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: mOXN3UP3pxxnygmz2Hkx9HIaT5-VdzfIWm0w_oSPAtHPX2ahx_9bww==

GET
H2 200 65d5587816961aa1bccf46e7_bCQT10Rn49nJ0hfB4GAkkb3XEvxwdyo-gxNYZzVtE5K9v1nQmjWbCW6OHPdS9wTnTRGJ0KpH_LH0d1YY_Ignr_zFKfRs9BqM1SpJfeox48WDpKIdDgOhJ6d_n947AQK1p4PqR0fxL7-LawYoIVNYcys.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 129 KB
129 KB 100ms
96ms Image
image/png 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d5587816961aa1bccf46e7_bCQT10Rn49nJ0hfB4GAkkb3XEvxwdyo-gxNYZzVtE5K9v1nQmjWbCW6OHPdS9wTnTRGJ0KpH_LH0d1YY_Ignr_zFKfRs9BqM1SpJfeox48WDpKIdDgOhJ6d_n947AQK1p4PqR0fxL7-LawYoIVNYcys.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b9662a50703853ca2a318262d930668b8ae42333c6b413a424d0296212c40865

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: HLK6RtJwr1ieEvG8Jkdr7dxZo2M8q5xZ
date: Fri, 05 Apr 2024 10:25:55 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 10875
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 131679
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "0924c3aca52f1ea982d08401916c51af"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 1CH_TbaVN4UgwctnxTFMj38X2vTBJVZ_SSa3VPVw9nU7paE2YltM_Q==

GET
H2 200 ca3824104f47498768a5ccee49af95b3.js Show response
gist.github.com/JohnHammond/ 7 KB
5 KB 158ms
158ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/ca3824104f47498768a5ccee49af95b3.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

56ca8f0d6314136eeb319281448c5f652abea4df2061d2c42752380d76b742dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1585
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EE118:376C648:660FEBEA
etag: W/"56ca8f0d6314136eeb319281448c5f65"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 16b19436045484ccf2aad539f31271ea.js Show response
gist.github.com/JohnHammond/ 6 KB
5 KB 165ms
164ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/16b19436045484ccf2aad539f31271ea.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

aa067c3f9d762c4b27d7593b347b627735508a13e79d5ff35cf109b5f297dedf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1520
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EE118:376C649:660FEBEA
etag: W/"aa067c3f9d762c4b27d7593b347b6277"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 65d55878e0bce79d5469d328_3UiSOzyngYMkZ2TqaT488ZZgGjEPTdpHFOHkPvUScU7z6Jt6uD9hGkaoWVJ8fI1IIO0FNuU_UaNbwPZ6Um9h1WGtQhkSWMxcosQz0KFHj3JgrbVAQ7sIzu8kQ-DuLMcQIS-Cj1aTMKfDCygOuW_R_rk.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/ 126 KB
126 KB 412ms
408ms Image
image/png 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d55878e0bce79d5469d328_3UiSOzyngYMkZ2TqaT488ZZgGjEPTdpHFOHkPvUScU7z6Jt6uD9hGkaoWVJ8fI1IIO0FNuU_UaNbwPZ6Um9h1WGtQhkSWMxcosQz0KFHj3JgrbVAQ7sIzu8kQ-DuLMcQIS-Cj1aTMKfDCygOuW_R_rk.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a447d3663b55765c353cd2d4067634356183f5589b5af36e703e452926669f0e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 76ZcbiQupQpThW9hu3TeyeQensofWkN9
date: Fri, 05 Apr 2024 12:17:47 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
content-length: 128530
last-modified: Wed, 21 Feb 2024 01:57:13 GMT
server: AmazonS3
etag: "9f1e03c5de811d7a19dba9af2be6fab3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: kUBoAEivmrLcTyUqPWpFJM5nEuEITqPmFQpsYJ5_VEqKDLcRzbKl7g==

GET
H2 200 65cee24bc949be53e6744a84e78b7239.js Show response
gist.github.com/JohnHammond/ 12 KB
6 KB 166ms
159ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/65cee24bc949be53e6744a84e78b7239.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

60ba63f369e9131ebda235cb154f2204acf3f5cb6de3dcf289d933ad5eebf778

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 2164
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EE20C:376C742:660FEBEA
etag: W/"60ba63f369e9131ebda235cb154f2204"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 4bffa96fe54aa6c1cb35509e9d7ad0b1.js Show response
gist.github.com/JohnHammond/ 16 KB
6 KB 167ms
160ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/4bffa96fe54aa6c1cb35509e9d7ad0b1.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

031ac081c388503c078347630e6db5e0590befc22f345050a050f9b0a79d5083

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 2531
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EE20C:376C743:660FEBEA
etag: W/"031ac081c388503c078347630e6db5e0"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 e07caff1b2d4526b7fabbecd63784258.js Show response
gist.github.com/JohnHammond/ 10 KB
6 KB 187ms
180ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/e07caff1b2d4526b7fabbecd63784258.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

a03c63b7757de92a9b204e6c7809d61430bb1b1c363c4ae37b1ec7cad3e93c79

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1974
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EE210:376C744:660FEBEA
etag: W/"a03c63b7757de92a9b204e6c7809d614"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 d6b7b067b300770636a585e1b42eddc7.js Show response
gist.github.com/JohnHammond/ 17 KB
6 KB 173ms
166ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/JohnHammond/d6b7b067b300770636a585e1b42eddc7.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

2791bb4bda1252e862eef1143ff121bc0825a112166291e2c760cba8c7575e40

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 2606
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: A0F8:3E8B22:36EE211:376C746:660FEBEA
etag: W/"2791bb4bda1252e862eef1143ff121bc"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
30 KB 86ms
25ms Script
application/javascript 18.244.20.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.20.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-20-40.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 05:10:32 GMT
content-encoding: br
via: 1.1 7daf545331a4f565a58e22b0fa952528.cloudfront.net (CloudFront)
age: 25635
x-amz-cf-pop: FRA56-P11
x-cache: Hit from cloudfront
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: mxoPLn7bjKVd4Spa3f6FLSdpuLhR4wPIEhkIK0VxUt6MeruO4WqR9A==

GET
H2 200 huntress-new.30e353aba.js Show response
assets-global.website-files.com/6579dd0b5f9a54376d296915/js/ 1 MB
208 KB 33ms
27ms Script
text/javascript 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/js/huntress-new.30e353aba.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 74eeb7d68caa91529c2eb3d822c13adee8d1fd247b0f3b082d84d6da51825919

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: xdlMF86fOjzNTncpZLhYJBWWkyacG9qB
content-encoding: gzip
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
date: Thu, 04 Apr 2024 21:16:03 GMT
age: 55305
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 212530
last-modified: Wed, 03 Apr 2024 21:22:45 GMT
server: AmazonS3
etag: "c98b78bdc3631d0794fe1ec8b15b4784"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: CBbaAAgDjXXdGFW5F_WNxRU7MkGzpzdH_0km-TuHKXWsXkDu9DFayg==

GET
H2 200 3911692.js Show response
js.hs-scripts.com/ 3 KB
1 KB 200ms
147ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/3911692.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe98d4f9df17e0bd91b2f4239e19d018ae53455a8bf50f448d38b287d7c36e05

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e5449c5d-8c6d-4e2d-afe9-e8d2396f7d7f
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e5449c5d-8c6d-4e2d-afe9-e8d2396f7d7f
last-modified: Fri, 05 Apr 2024 12:12:40 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-697677dfc-drpwv
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 86f97a18c9091bc3-FRA
expires: Fri, 05 Apr 2024 12:19:16 GMT

GET
H3 200 slick.min.js Show response
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 42 KB
11 KB 34ms
31ms Script
application/javascript 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1055109
x-jsd-version: 1.8.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230096-FRA, cache-lga21927-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVyf89AWlekSIFHCI0t5MfO1ggud76q18N9o82POud5ESB0H0Gwh8LTuAiecgmMt7OPB90eZE4daZI7poV6E859np5URvN%2FGJu7x4dFatOIwQ080kY%2FqdOgLOEJ4qSWnf2s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86f97a187aef9049-FRA

GET
H2 200 bundle.v1.0.0.js Show response
tools.refokus.com/rich-text-enhancer/ 2 KB
1 KB 93ms
23ms Script
application/javascript 76.76.21.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tools.refokus.com/rich-text-enhancer/bundle.v1.0.0.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a577cc713533d7a1edbc5186c3f7b8788bbf317a857111150778d6a617220cec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::2m6tf-1712319466383-83c845051230
age: 6184779
etag: W/"bfd9ff53d0c1baa43dbb0f44751f23e9"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="bundle.v1.0.0.js"

GET
H3 200 medium-zoom.min.js Show response
cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/ 9 KB
4 KB 58ms
54ms Script
application/javascript 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/medium-zoom.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1975370
x-jsd-version: 1.0.3
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220020-FRA, cache-lga21976-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"2408-5ck9kUxd8AglB+1wj1aqAh/vLDs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRa%2BZDwb%2FWlLFf97mHhnEqWJCIJunxI7qokCWf5%2BVvJZBRCZpoz9SQbJJpkPxVnABmbOKCOV6giYXeH%2BZJC4J9IAj5r%2FSuoVjo4szVXh6iaojMFFiJQ3M0Vk2iFlV1gk%2Beo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 86f97a187aec9049-FRA

GET
H2 200 form-124.js Show response
hubspotonwebflow.com/assets/js/ 10 KB
3 KB 109ms
54ms Script
application/javascript 76.76.21.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/assets/js/form-124.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.241 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

10ef3ba5308697292067120aee8cea7f3341a9a5e691475bc4a29805a5194939

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::f95td-1712319466368-1e7f75e24efc
age: 1327338
x-matched-path: /assets/js/form-124.js
etag: W/"392ca1f460caa2aa9439969a89f31c13"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="form-124.js"

GET
H2 200 6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js Show response
assets-global.website-files.com/ 144 B
627 B 64ms
59ms Script
application/javascript 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6ee38878cd3f57c918114ecd1a74bc75e5165f45fd1e9503056e8dc2e542288f

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: fKVYVp7VLozdKwo7Gp68VwPn_1qCAcOV
content-encoding: gzip
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
date: Fri, 05 Apr 2024 01:49:38 GMT
age: 39895
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 131
last-modified: Tue, 26 Dec 2023 09:16:55 GMT
server: AmazonS3
etag: "94d95acc94c6624c39cb9873e3da3787"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: eqIP_H23TowQ3CaSNjZRhhVGd8cvIVCAQsMGHYtwDuSLjbkvSABbiw==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/ 501 KB
201 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3958a93184f498eaa140c746fa8b3ce7e540d38898f2b1c1acf9c7e8f6c5f429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 11:33:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2637
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205471
x-xss-protection: 0
last-modified: Fri, 29 Mar 2024 04:30:36 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 05 Apr 2025 11:33:49 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 325 KB
102 KB 100ms
46ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f624c5aded15609cc66783186c27fee142ba8e895793973e783d4bf448dfc17d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103841
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
18 KB 55ms
51ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 19:00:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65d799d9-101dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17693
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2 200 5d3cypit2iz8.js Show response
js.driftt.com/include/1712319600000/ 212 KB
60 KB 250ms
171ms Script
application/javascript 18.245.86.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1712319600000/5d3cypit2iz8.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-87.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
via: 1.1 f638767bb567304644b370360b61ed30.cloudfront.net (CloudFront), 1.1 81cb77eb84eee291ebbd90b4c274c1c4.cloudfront.net (CloudFront)
date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
x-amz-cf-pop: IAD61-P3, FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 47
last-modified: Mon, 21 Aug 2023 14:57:31 GMT
server: istio-envoy
etag: W/"576cdc1c0941a520c47b54aef3b463f7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=10
access-control-allow-credentials: true,true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PO_atFA_rEFr6mPcH2d6c1lz5VJ2TRgj3jWehAlP_m9O0s6rkQBKhg==

GET
H2 200 AWGoGO5jnvY
www.youtube.com/embed/ Frame 89B6 0
0 160ms
114ms Document
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/AWGoGO5jnvY?si=QVZ66js3CVQEZlVY

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-cpDaSvy-Z0JxRfInS90-9w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Fri, 05 Apr 2024 12:17:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gist-embed-5d675001c930.css
github.githubassets.com/assets/ 51 KB
11 KB 68ms
19ms Stylesheet
text/css 185.199.110.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://github.githubassets.com/assets/gist-embed-5d675001c930.css

Requested by

Host: gist.github.com
URL: https://gist.github.com/JohnHammond/fac42eefb1bb137d1d8b5707d67d6964.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.110.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-110-154.github.com

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

dae47b8a97cc1b620189dde91132381608aa694f536691fb272780fd1f45e4c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 3612ee280b21f60e37902a5be31ebeb9371b6511
date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31536000
age: 69221
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 10648
x-served-by: cache-iad-kjyo7100023-IAD, cache-fra-eddf8230060-FRA
last-modified: Thu, 04 Apr 2024 01:08:23 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8DC5443B9845DF7
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 6, 235

GET
H2 200 655efb41f4bb20e00c9cfe91_Group%2039892.svg
assets-global.website-files.com/655d92689c415e9fefcf2368/ 673 B
1 KB 97ms
97ms Image
image/svg+xml 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655d92689c415e9fefcf2368/655efb41f4bb20e00c9cfe91_Group%2039892.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fca96e23cbef68956d5776a0e13de71ab3e0d82c192d143bc93a063776ee81ad

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Jan 2024 09:25:47 GMT
x-amz-version-id: 2SPzchtrPJOOCpA0jo4V.YS2Osqybov7
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 7959120
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 673
last-modified: Thu, 23 Nov 2023 07:12:03 GMT
server: AmazonS3
etag: "48aeeba05bcceb164d7432689b3bb357"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 7XI-JO-jvThhJojXNUM0kmjt4KS8tb7aJZheNQ-ppC0xmCWtdiwAzw==

GET
H2 200 6579dd0b5f9a54376d296969_visuelt-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 20 KB
21 KB 106ms
57ms Font
application/octet-stream 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296969_visuelt-regular-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00d08ce080678db0c54af3944723e28b27e8bdc24146f813477b5b58fe65376c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 29 Dec 2023 12:03:52 GMT
x-amz-version-id: 4frLyUq9eYNLo7inr9AWHf_d33ZSkDwJ
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 8468035
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 20916
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "833d58f5538bb02b9d3e362ca829ece7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: omMlwPaRJnn7OOoskb8PN0Dr1G-u7k-k4btfJL3FcAJZfdUJjGzx6Q==

GET
H2 200 6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 17 KB
18 KB 85ms
36ms Font
application/octet-stream 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71425f588c17edb9905c3ed73aee0404b58772b91c8154fe53d3157f58f0b2e2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id: At.YFBHJO4EQclecPPM23aBnfk3j2h1H
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 8524478
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 17728
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "fd0185054945b2abe907dc7e524389c9"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: p9jUxdifTTK8gUT42r-ZgkjabrT41O7pheRFpub55uWB4lNsu14iKw==

GET
H2 200 6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 18 KB
18 KB 114ms
65ms Font
application/octet-stream 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a4aba4543a40b2e2d78e4006eb941a3a18cf95dc81041ad362321a3995bcc898

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:17 GMT
x-amz-version-id: 4JksoGDTlz479HpJYtobtrz0YXSwp3Rx
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 8524470
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 18204
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "5aec097021a58170197314c745d296db"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: ALCVF32BwjCz7z6Gupj9mkefBHi4Hv1IBJ-Lniv5rOMA4dQyqgwOFw==

GET
H2 200 6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 21 KB
21 KB 110ms
62ms Font
application/octet-stream 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 36b097a74149a547cc7fe1da7b5a9cacf6c36d2f91872f11874479e1d4fafee2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id: 6cft5KdwVHtlIu77Lo8AxPLF1V_1aCGv
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 8524478
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 21280
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "4be3159e8cb3fb66b8e847dd0bedb2ed"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 6f8rs7pJBi9kkgNc63V1sbUIR_xeyX9DBpy06jq2SkK0ZY7sHXtPdg==

GET
H2 200 6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 18 KB
18 KB 73ms
25ms Font
application/octet-stream 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ace449f8c185f9f62716fd9998c8f4d09f6849ead77ec8c3849aa69f4c8c1d36

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 13 Feb 2024 08:31:44 GMT
x-amz-version-id: SgNlIeK2CMt3IfgkJzcYPm6BQJFO8VdG
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 4506363
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 18124
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "b62b51b8a8a1c83c200a484a4149c151"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: blFisPqRHHBuhNZYbyJi5f1Bwuk4W2PiqeeN9mvyGhHizOhuQa3hrg==

GET
H2 200 6579dd0b5f9a54376d29696f_visuelt-thin-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 20 KB
20 KB 92ms
44ms Font
application/octet-stream 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29696f_visuelt-thin-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b7bd039fcf8ea3ece5223d270ecf6d66277f9cf7ddacb8fd3f20d1702432c3bb

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 15:22:36 GMT
x-amz-version-id: 1AmjYc4ysufx24AJ6PfPPYoNyma6Viac
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 8369711
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 20300
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "07fd1c3f396e8b19e3076e1167800fb5"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: zvGLdph3BhjRYzaGtRyHroNfxFckXaapS5w2YccObYjTi6JD_KxCgA==

GET
H2 200 6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf
assets.website-files.com/6579dd0b5f9a54376d296915/ 55 KB
29 KB 98ms
50ms Font
application/x-font-ttf 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0020be3f1555293342637940e02d32e0f0c3b1951f6a274c00a6e3afe91610d1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 15:55:33 GMT
x-amz-version-id: quM.7z1k_e9xiPUszqLumStS9j4JLmMp
content-encoding: br
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 8540534
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 13 Dec 2023 16:34:21 GMT
server: AmazonS3
etag: W/"541d84af93ed55a92a75644198c26ca5"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: KbXo0oLJzubqxIh9BuD87aD0WGU9WlIu723PKGan4428ZnB0S4K90g==

GET
H2 200 655ddcc107aef728354e9cbf_Huntress-logo.svg
assets-global.website-files.com/655ddcc107aef728354e9c2a/ 16 KB
13 KB 90ms
90ms Image
image/svg+xml 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655ddcc107aef728354e9c2a/655ddcc107aef728354e9cbf_Huntress-logo.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e74699ee2810c89e5df5bd0d0506256c46f1e73108f40dc993b49cc210203db

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Jan 2024 08:44:23 GMT
x-amz-version-id: ll9DT5jxvCo6dqqJTOhzWIKk94gBwQHc
content-encoding: br
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 7011204
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 22 Nov 2023 10:49:38 GMT
server: AmazonS3
etag: W/"1b58a7f9d25209475f7150623a7b9993"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: AL1uRvyx60nqdzZvNzT68iLBrGVwsk4h8_nNioAD_4QG9yOnDuRlnA==

GET
H2 200 656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg
assets-global.website-files.com/655d92689c415e9fefcf2368/ 407 B
866 B 90ms
90ms Image
image/svg+xml 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad1a0bf17b8433241806ec0b3cb9c17be616ea295df90068ab3e646de802e111

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Jan 2024 14:43:06 GMT
x-amz-version-id: 6MUyKzg7.UI2lqy3cc43_aNDTQO42ExF
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 7853680
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 407
last-modified: Fri, 24 Nov 2023 10:23:48 GMT
server: AmazonS3
etag: "7b97da408ecd186da2775e85d3b5fc35"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: j5mPKSAfGvxseQU4uNuNyYbufIHnAfH8KMBmQ043eQMZsWEDcpa8Xw==

GET
H2 200 6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 2 KB
3 KB 91ms
90ms Image
image/webp 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c99531b584c2990420c6cf8f267e27bca20375cf89d4afdcaa5b3afb7a9f35d2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 0.i3tZnqpf4mpcjZIZI6k.PdzUSOLecT
date: Fri, 05 Apr 2024 02:00:47 GMT
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 37020
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2196
last-modified: Thu, 21 Dec 2023 07:39:51 GMT
server: AmazonS3
etag: "3574559fb267295e5e44a4509e2e6e4f"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: lHaODVRm-Bg8J4Og06fT0nPsrqRUhw2CE2asZYByjHcA3lneJmyjZA==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 320 KB
102 KB 40ms
40ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b36258e8c01dca280ee735325ce27bf09bbaf656af7fcdde5e8a564936127769

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104548
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 247 KB
85 KB 43ms
43ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1b7c07a1a6686f252990c3165925b5ca16269e5b2aa0b765fd28b17594c4a77f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87310
x-xss-protection: 0
last-modified: Fri, 05 Apr 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 48 KB
17 KB 124ms
36ms Script
application/javascript 2a02:26f0:3500:16::215:1490
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1490 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Mar 2024 16:03:53 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=73059
accept-ranges: bytes
content-length: 17224

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 28 KB
9 KB 93ms
21ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Feb 2024 20:38:48 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8702

GET
H2 200 qevents.js Show response
a.quora.com/ 41 KB
14 KB 128ms
53ms Script
text/plain 162.159.153.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.153.247 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-version-id: jrgqQn59BHyNBJEhUqaibHl1Lk06.AzO
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: M04HPBTPY5GDBBF5
age: 672241
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Tl+NCrT4/ROq8BOB/jXEFbjekr+B/799PB4hsh4cPaz8GcT19YQzaMe+k+f+IJxKpv7tKCeNqoQ=
last-modified: Thu, 28 Mar 2024 17:33:19 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:87b5ecaafd0e88097cbbb1bbb7695fe9
etag: W/"87b5ecaafd0e88097cbbb1bbb7695fe9"
vary: Accept-Encoding
content-type: text/plain
cache-control: public, max-age=14400
cf-ray: 86f97a1a1c71927a-FRA
expires: Fri, 05 Apr 2024 16:17:46 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 100ms
26ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220109-FRA

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 120ms
46ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 05 Apr 2024 12:17:46 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D34592847EC04A6FBA058BC5292B0A3C Ref B: FRA31EDGE0113 Ref C: 2024-04-05T12:17:46Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 219 KB
59 KB 92ms
22ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ebcc80bf5e0568d173b31bee579c02a725832f916de3656f7a36f94df865d168

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 05 Apr 2024 12:17:46 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57928
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1294, tbw=2801, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: RilQNzJZhimRZNlzy47O520Lrqllkw02HVv7fe6aiUXheB9hfdHQM2VQX1rNLDGw6gFaC+f8/6HJhkd7FvBktQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 1006267.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 958 B
2 KB 201ms
131ms Script
text/javascript 2606:4700:4400::ac40:90e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&e=

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c59924cdca7796d9578872e6933998297b41cb0a2951ccaf7de4bd7cf921ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 561e1d7d-89de-4fff-8533-750e08ee7a92
x-runtime: 0.003643
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"14c59924cdca7796d9578872e6933998"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 86f97a1a1b79361b-FRA

GET
H2 200 e666a54d-ff29-48f9-9baa-2be6ac05412e.js Show response
j.6sc.co/j/ 837 B
837 B 434ms
433ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: iBgsOgE4Kr3Z0Ccj2rm1wK8VxmZ_A29h
content-encoding: gzip
date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 438
pragma: no-cache
last-modified: Fri, 18 Aug 2023 17:22:32 GMT
server: AmazonS3
etag: "29df5bb770be8e518fe2206581f712a6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: DdZxHz3m2cHhaJOT0Gbm333Pv-rAa-591ojqHyeBQBEqCP2hmzzO7g==
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 172ms
111ms Script
text/javascript 3.65.91.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.65.91.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-91-158.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 75207b3d45aa1547d8d1d1d65885b806d14c1539fecb9b31bba345ef682e0f00

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 05 Apr 2024 12:17:46 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 hotjar-2159185.js Show response
static.hotjar.com/c/ 10 KB
4 KB 118ms
53ms Script
application/javascript 18.66.102.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-11.fra56.r.cloudfront.net

Software

Resource Hash

9551e65f192e4bd73b1c721166dd77e45a1f3ed2b9fb841c7779a07e1fd6a5af

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Fri, 05 Apr 2024 12:17:46 GMT
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/a73110a781370b9c610034f4fb765cf9
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: sMs9fXnWnoRKCEsezLASf5c9sqIICtOEt4mbNe5t7GqWaRZetiTcYA==

GET
H2 200 NeverBounce.js Show response
cdn.neverbounce.com/widget/dist/ 96 KB
29 KB 94ms
24ms Script
application/javascript 18.245.46.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 04 Apr 2024 19:51:10 GMT
content-encoding: gzip
via: 1.1 7ab8983df8c6e33475e52fb04de82cbc.cloudfront.net (CloudFront)
last-modified: Mon, 02 Mar 2020 18:37:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P9
age: 59197
etag: W/"c1e06621030dfcba15b88abbcaa546eb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: bMLKET9YkLtmeg7pC44pePNNWb5RDmA5eGbC-JF3vH1P5BIZaKHg7A==

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 99ms
55ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 74658
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 86f97a1a8dd51cbd-FRA
expires: Fri, 05 Apr 2024 12:37:46 GMT

GET
H2 200 site-script.js Show response
cdn.metadata.io/ 8 KB
3 KB 99ms
21ms Script
application/javascript 2600:9000:223c:b400:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-script.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:b400:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

22b1fb6f9f99cbad02dd31a2a03ad13f70ff07bd59d1e584b17766708c58d4d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: lw__cHl8hG2Sna8GFnUAXox5scayrVfV
content-encoding: br
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
date: Fri, 05 Apr 2024 04:40:41 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-P2
age: 27427
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 05 Mar 2024 21:33:37 GMT
server: AmazonS3
etag: W/"fc1d11633ce7d2722bf71a7e7f5abde8"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: vO8YVUUeal9Kv2CzE2uBtwD9-HI_SqzSgum4dPUhKKcHb3E5O5iGcQ==

GET
H2 200 site-insights.js Show response
cdn.metadata.io/ 3 KB
1 KB 84ms
22ms Script
application/javascript 2600:9000:223c:b400:9:d7d4:1380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.metadata.io/site-insights.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:b400:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

86f3464b435f45ef498bc2a621cad3de242cfae23932b1f8a02244309a68173b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: EKO3EAYu2jpZrdQQfpOFGk3pdfA6AAQC
content-encoding: br
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
date: Fri, 05 Apr 2024 01:26:56 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-P2
age: 39051
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 22 Mar 2024 02:23:38 GMT
server: AmazonS3
etag: W/"0b8c32bd74fbe7b22dd7487f9d663115"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-amz-cf-id: e9fGmh7UEOAeSj8L1nc1pVCYzF3qgGcIlStXHRSk5Um-zypT2hSAnQ==

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/ 43 B
423 B 484ms
116ms Image
image/gif 52.45.52.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.45.52.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-45-52-13.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 05 Apr 2024 12:17:47 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,2854bebb17854c777eb6b8d84097e7fa,10.0.0.101,19838,217.114.218.23,,354195471311,1,1712319467.050,0.001,,.,0,0,0.000,0.000,-,0,0,203,171,85,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/ 19 KB
19 KB 26ms
26ms Font
application/octet-stream 2600:9000:235a:0:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.4fa7a55b5.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:0:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f62ee80b8c824f30ad6c278146632d25b7e159e0a9cd91a356068eb9340061c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-global.website-files.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id: 1upZc36cdk27x7Arg8l9thaL3L34ome5
via: 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront)
age: 8524478
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 19348
last-modified: Wed, 13 Dec 2023 16:34:20 GMT
server: AmazonS3
etag: "a0118c6d18835732ae0eb880babc7598"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: XCbDojGkRU8qi8OJl-FbQJ-Gv8Oo3IrI0f6TuifemBzbTFW2MDDG-g==

GET
H2 200 19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js Show response
huntresscdn.com/ 111 KB
112 KB 99ms
43ms Script
text/plain 2606:4700:20::681a:1ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:1ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Apr 2024 11:32:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2699
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WylDBLlOkeFqdPG53MD%2BFmzxrr0D0nk4wH3AhRT9XgEAmgWftkYaUYrCE8eGMpxcqAf66jPObKndQfelGjYdx4BLZa76zdK03kJac8Bq8jt12dr2XHEjXVTEYPUoFZ3AniI09ZT7LerHJDJZaA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: max-age=14400, maxage=14400
accept-ranges: bytes
cf-ray: 86f97a1ac9403810-FRA
content-length: 113865

GET
H2 200 3911692.js Show response
js.hs-scripts.com/ 3 KB
664 B 39ms
38ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/3911692.js

Requested by

Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69df4becef48bcb1dc225a69f501f3e553c2daa441ffc6fdcfc389caff7d9904

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: e5449c5d-8c6d-4e2d-afe9-e8d2396f7d7f
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=3008
age: 0
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e5449c5d-8c6d-4e2d-afe9-e8d2396f7d7f
cf-bgj: minify
last-modified: Fri, 05 Apr 2024 12:17:46 GMT
server: cloudflare
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-697677dfc-drpwv
x-evy-trace-virtual-host: all
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 86f97a1a6ae91bc3-FRA
expires: Fri, 05 Apr 2024 12:19:16 GMT

GET
H2 200 3911692.js Show response
js.hs-analytics.net/analytics/1712319300000/ 70 KB
22 KB 191ms
145ms Script
text/javascript 2606:4700::6810:4cba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1712319300000/3911692.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4cba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d9f49166505c59f2cecf5d0e790ee32f3049e93d0ccfea46603d224a3ee784e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: AJ6B5K40P2JD4F3Z
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3a311568-9303-40a2-94f4-cb11e1998f19
x-envoy-upstream-service-time: 18
x-amz-id-2: kHJ3/70qKgioHx27YzWSXDgYSHLS1W+XsY63IAl8sXWwX2tQCyPwtcBoa3fczTszou860hLyRUYdygHiVtsaPw==
x-evy-trace-listener: listener_https
x-request-id: 3a311568-9303-40a2-94f4-cb11e1998f19
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Apr 2024 15:49:38 GMT
server: cloudflare
etag: W/"1f61a021370c342fe3e1c2f68f8c9cb5"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-fp48c
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 86f97a1ac8aa2c20-FRA
expires: Fri, 05 Apr 2024 12:22:46 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 86ms
32ms Script
application/javascript 2606:4700::6812:8911
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8911 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 6903
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js&cfRay=86f8d1910a9c65df-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d252299cef5b9176cf0435e72e0baeeb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js
date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-version-id: FzXUOelq5PzvbDhLOc3Au0ThiCBuXHAc
via: 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 762357ab-bfcd-4b7b-b24b-56b6d4495b93
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-request-id: 762357ab-bfcd-4b7b-b24b-56b6d4495b93
last-modified: Wed, 03 Apr 2024 09:27:53 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-6zsl2
cf-ray: 86f97a1aeefb4d52-FRA
x-amz-cf-id: Wdxc2RDeM1Qc3d_8Qoc_JHCHmcrkYPuoMYqa8WhE3UH-_ZyJinGV0g==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 186ms
133ms Script
application/javascript 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-version-id: TBuW8j2Zg4wDwUJfaxQJP8dPtvRalswh
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 97c1cccd-dd02-4c10-84fc-5ba3a392d174
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.487/bundles/project.js&cfRay=86f97a1b1aff363f-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 97c1cccd-dd02-4c10-84fc-5ba3a392d174
last-modified: Thu, 28 Mar 2024 11:43:17 UTC
server: cloudflare
etag: W/"d1b5d702ce4c8385e7f9e088139af398"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-72bsp
cf-ray: 86f97a1b1aff363f-FRA
x-amz-cf-id: kYWpyCfb1PzNNw6b5C7F0VTaCSelrlt0qjC5_K8NDFAqDXQfVRYjkQ==
x-hs-target-asset: collected-forms-embed-js/static-1.487/bundles/project.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 183ms
138ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.995/bundles/project.js&cfRay=86f97a1b28e63605-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d838571cd390adf273ef11f2c93c66a2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.995/bundles/project.js
date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-version-id: e6CBI7TNV0080vUb0QC9_Ce844NXultr
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 967adb53-a47c-4984-b100-20c13ce103ba
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
x-request-id: 967adb53-a47c-4984-b100-20c13ce103ba
last-modified: Wed, 20 Mar 2024 13:03:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2F3w6I7n2gI%2B%2Fi2QNO%2FyLeSAEO%2BRZhOz0ouqQ6RGEyJvj94jE3N5ZnCvVjgksyNN1ojhWgLHK%2FpyS1VLJo6wVbQZMaio8IrUi7CorSQi1YYNrCpGHf7%2FJ90%2BSL0AKJm%2FRYDL0GXUCMr1S%2B7t"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-trtck
cf-ray: 86f97a1b28e63605-FRA
x-amz-cf-id: XeXstbitx8RPfqE6lWROvIP74sno4cEF2gr-mrI-Pg5qXGkfmtxosA==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 74ms
27ms Script
application/javascript 2606:4700::6811:e3a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e3a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
x-amz-version-id: NPmBAW9YLDyQDhAGPmBdyF1DJfeS0dQT
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 54
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.546/bundles/pixels-release.js&cfRay=86f978c599d8916e-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 766d7d8c-e29f-49c5-9b8d-d67d37bcbecb
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 766d7d8c-e29f-49c5-9b8d-d67d37bcbecb
last-modified: Thu, 04 Apr 2024 13:54:33 UTC
server: cloudflare
etag: W/"437693b047b4419d0e2549e3f640e3c1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-7rrlj
cf-ray: 86f97a1b298139eb-FRA
x-amz-cf-id: JVWCs_p09F9Odd1TI7CMrtlsBHcOF5nFOgNv5s0N8yTJ72jxwl2rzQ==
x-hs-target-asset: adsscriptloaderstatic/static-1.546/bundles/pixels-release.js

GET
H2 200 3911692.js Show response
js.hs-banner.com/ 61 KB
17 KB 395ms
344ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3911692.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75bb32a2e2126660c4f0883898ae834da739f3eeeb1b888bdab2e3044927ce85

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
x-amz-version-id: 0vKE8CjslpJ4jPhtIMQWg4QuBW7ST_YP
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 4J9A150SE9PSX5CD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 6e33c683-4be6-4a3b-8c36-824cdf94817c
x-envoy-upstream-service-time: 26
x-amz-id-2: tozklMoWb9KA509zKn1WVTRiEobsBnQ+Ew6+eqDwBEo6ezg4PXC7eNojO8VlYN4KsW4At9vWaYc=
x-evy-trace-listener: listener_https
x-request-id: 6e33c683-4be6-4a3b-8c36-824cdf94817c
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 29 Mar 2024 16:24:00 GMT
server: cloudflare
etag: W/"c5ae70fcbbbf610ecb86f40ac244c47f"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6dfb9475dd-r2qwz
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 86f97a1b4a6c916a-FRA
expires: Fri, 05 Apr 2024 12:22:47 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
255 B 81ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-GCTMBVFESS&gtm=45je4430v9122196611z89171248136za200&_p=1712319465913&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=810517689.1712319467&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1712319466&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&dt=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1115
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 97ms
37ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GCTMBVFESS&cid=810517689.1712319467&gtm=45je4430v9122196611z89171248136za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 89ms
43ms Image
image/gif 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GCTMBVFESS&cid=810517689.1712319467&gtm=45je4430v9122196611z89171248136za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1835687489

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 429191348
google.com/pagead/form-data/ 0
0 75ms
29ms Ping
text/html 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/pagead/form-data/429191348?gtm=45be4430v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=1883371766.1712319466&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f14.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

POST
H3 204 429191348
google.com/ccm/form-data/ 0
17 B 49ms
28ms Ping
text/plain 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/429191348?gtm=45be4430v9136018371z89171248136za201&gcd=13l3lPl2l1&dma_cps=sypham&dma=1&npa=1&pscdl=noapi&auid=1883371766.1712319466&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-429191348&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.huntress.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 3AAB 0
0 68ms
40ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=qu6dxw6gfnz7

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bSDqYcwt4NOpOoHAFCy-tw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-bSDqYcwt4NOpOoHAFCy-tw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 05 Apr 2024 12:17:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 t2_12z44i_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 70ms
30ms XHR
application/json 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 98

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
75 B 67ms
21ms Image
image/gif 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1712319466692&id=t2_12z44i&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=6e543f2c-4b45-4793-96ba-16f109bcbd12&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=800&sw=600&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 25ms
21ms Image
image/gif 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1712319466693&id=t2_12z44i&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=6e543f2c-4b45-4793-96ba-16f109bcbd12&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=800&sw=600&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 265ms
212ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=51da3b2f-bc2f-4ae3-8690-002cc3e5a8e0&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=05a9ef30-a310-4c97-9448-83a1415f4ade&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 186
date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: cf2226a57835a7ec
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: c759be2f377935336e172ee7a37f4593be5eac18805a364fff059cd9c230173b
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
727 B 258ms
205ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=51da3b2f-bc2f-4ae3-8690-002cc3e5a8e0&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=05a9ef30-a310-4c97-9448-83a1415f4ade&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.30

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 179
date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 895f7a96b7f9905f
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 24eae822802a6254b63e62cd44d032ad979dd54b58b9e20b5ebdbec3ee5f4da7
content-length: 43

GET
H2 200 403957864408442 Show response
connect.facebook.net/signals/config/ 65 KB
13 KB 163ms
161ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/403957864408442?v=2.9.152&r=stable&domain=www.huntress.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a4f1eb17105eabb75b4750c05f469c570e3c18cc79aab3fdd2dfc8d657ca7266

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 05 Apr 2024 12:17:46 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=25, rtx=0, c=65, mss=1294, tbw=63270, tp=-1, tpl=-1, uplat=135, ullat=0
pragma: public
x-fb-debug: VS0gCZTiPRmYcthLTTLA78SLZ6Ne2cHN+lPI3Bj6neBIpJF+WE09bUrM7jmXycbc9ne5dX2tiEg9br2stFagPg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 103ms
55ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4d5c28787419e7eaee569549d12df6ea9b1e7aa76e6f2a08b28ab812bfc1486

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-92sVb8fAxmDTYYLl0M2-NA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-und...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-und...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3281745%26time%3D1712319466723%26li_adsId%3De7405581-8181-4168-a995-21855b4c66a0%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-und...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-un...

0
265 B

281ms
200ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true&e_ipv6=AQLlPXZxlUnxVwAAAY6uMY97ATYxfr8ymtFF8K-i4tk5vb-SUZIY-PIiXp3AyNZP1kAl9VtRIpz8
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 0A2DF9B433EE4FDF9964F9077E2485C4 Ref B: FRAEDGE1810 Ref C: 2024-04-05T12:17:47Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVWHGcmUbHsT8AufCDTQ==

Redirect headers

date: Fri, 05 Apr 2024 12:17:46 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 5CF9487B99D94F6E8F51A47FCF9D7F0D Ref B: DUS30EDGE0310 Ref C: 2024-04-05T12:17:47Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1712319466723&li_adsId=e7405581-8181-4168-a995-21855b4c66a0&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&cookiesTest=true&liSync=true&e_ipv6=AQLlPXZxlUnxVwAAAY6uMY97ATYxfr8ymtFF8K-i4tk5vb-SUZIY-PIiXp3AyNZP1kAl9VtRIpz8
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYVWHGYXEeiFUi5RA/qFg==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
620 B 270ms
199ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.huntress.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BE06785A47FC4086BFA5DB62FB98A670 Ref B: DUS30EDGE0310 Ref C: 2024-04-05T12:17:46Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.huntress.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYVWHGQ5z0oNQEUkP6fWA==

GET
H2 200 modules.429236d560f51d186b8b.js Show response
script.hotjar.com/ 221 KB
55 KB 88ms
24ms Script
application/javascript 13.32.27.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.429236d560f51d186b8b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-54.fra56.r.cloudfront.net

Software

Resource Hash

fa8cabe3021c19ba54e07d28a7722cd4bfdef39dea07207518113f7e161166bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 10:18:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 7180
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55714
last-modified: Fri, 05 Apr 2024 10:17:11 GMT
etag: "f153d7cc62fba42a4a256996815cbb73"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: jozVaBK_xuKmN_jTjxTkWta84IzmaiEaN0f6lWrP5ukKbw0Fc-zkag==

GET
H2 200 187059084.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 48ms
45ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187059084.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Fri, 05 Apr 2024 12:17:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 78DE81C166684998A8EFA89084F06875 Ref B: FRA31EDGE0113 Ref C: 2024-04-05T12:17:46Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 204 0
bat.bing.com/action/ 0
287 B 44ms
44ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=d000bb46-6e01-4fe7-9228-ce56fac733c8&sid=8312e270f34611ee9394b3a296627da1&vid=83132150f34611ee8eb0b94c58d92b5e&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=800&sh=600&sc=24&tl=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&r=&lt=1150&pt=1712319465532,,,,,2,34,34,34,177,80,177,270,276,273,1140,1144,1150,,,&pn=0,0&evt=pageLoad&sv=1&rn=233838

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 05 Apr 2024 12:17:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C3450F658E2843908FF648D9F744C613 Ref B: FRA31EDGE0113 Ref C: 2024-04-05T12:17:46Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 110ms
110ms Stylesheet
text/css 3.65.91.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.65.91.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-91-158.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 39dd768727349c07dafbe5413239bce1bb5b8ff534e3846ae4ec2f335770fda0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 05 Apr 2024 12:17:46 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 150ms
111ms Fetch
image/jpeg 3.65.91.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.65.91.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-91-158.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 05 Apr 2024 12:17:46 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 149ms
110ms Fetch
image/jpeg 3.65.91.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.65.91.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-91-158.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 05 Apr 2024 12:17:46 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
441 B 130ms
128ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1712319466744&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 17715818
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:46 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPogfZ2JLBnrrxlj6BaFqtNikCDb56RN7Ees-gc6wXYXy5RFUtFvKccb8wE3FKainn64SPg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Fri, 05 Apr 2024 13:17:46 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 176ms
122ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1712319466744&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 05 Apr 2024 12:17:46 GMT
expires: Fri, 05 Apr 2024 12:17:46 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPpgw-JXnMSojlsP96zgJmEnAy4RIrO_AJ-oyFqukrNHpbngYhet1GCYXV4tD9-yMOavBg

OPTIONS
H2 200 traffic
api-gw.metadata.io/ Frame 0
0 617ms
196ms Preflight
application/json 54.71.94.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.71.94.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-71-94-159.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
access-control-max-age: 86400
content-length: 0
content-type: application/json
date: Fri, 05 Apr 2024 12:17:47 GMT
x-amz-apigw-id: VwHMzF-BvHcEA1w=
x-amzn-requestid: 3e0c32cf-4a92-417e-b35c-a4ea72d2d9f8

POST
H2 202 traffic
api-gw.metadata.io/ 0
0 206ms
206ms Fetch
application/json 54.71.94.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-gw.metadata.io/traffic
Requested by: Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.71.94.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-71-94-159.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
x-amzn-remapped-content-length: 0
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: f8ee5290-679f-4bac-aca5-d5554cc0df72
access-control-max-age: 1728000
access-control-allow-methods: OPTIONS,POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
content-length: 0
x-amzn-remapped-date: Fri, 05 Apr 2024 12:17:47 GMT
x-amz-apigw-id: VwHM1GGpPHcEhSA=

POST
H2 200 tp2 Show response
webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/ 53 B
325 B 213ms
163ms XHR
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2

Requested by

Host: huntresscdn.com
URL: https://huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
access-control-allow-methods: GET, POST, HEAD, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 53

OPTIONS
H2 200 tp2
webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/ Frame 0
0 90ms
25ms Preflight
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-origin: https://www.huntress.com
content-length: 0
content-type: application/json
date: Fri, 05 Apr 2024 12:17:46 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin

GET
H2 200 187059084 Show response
www.clarity.ms/tag/uet/ 829 B
1 KB 208ms
118ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/187059084
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/187059084.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d204379e8ce79fa8140107c2ef57def0f66a3ed415cc023286e6e6676874d917

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: -1
date: Fri, 05 Apr 2024 12:17:47 GMT
x-azure-ref: 20240405T121746Z-164d799447dqjxfdaphww13x4c00000001z0000000013xxx
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 829
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/1ced3a71/www-widgetapi.vflset/ 216 KB
67 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/1ced3a71/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9af2551784a3f4116f8ed6d1ec5e7bb3b619e3a8ed3a0399eb3bbe375b2775a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 11:52:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1514
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68372
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 04:16:22 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 05 Apr 2025 11:52:32 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
425 B 135ms
132ms XHR
application/json 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 85af2b04-5d4f-4ec6-80dc-913ef5ea18ca
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 85af2b04-5d4f-4ec6-80dc-913ef5ea18ca
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-72bsp
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 86f97a1c3bef363f-FRA

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 84ms
29ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&rl=&if=false&ts=1712319466906&sw=800&sh=600&v=2.9.152&r=stable&ec=0&o=4126&fbp=fb.1.1712319466904.741216021&cs_est=true&ler=empty&cdl=API_unavailable&it=1712319466709&coo=false&rqm=GET

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1294, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 05 Apr 2024 12:17:47 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 433 B
1 KB 145ms
145ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1f61fc81-18cf-42bf-8a57-6647fcf7577a
content-encoding: br
x-envoy-upstream-service-time: 15
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1f61fc81-18cf-42bf-8a57-6647fcf7577a
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCjX6ajhtWQP8N6Xayt2fOetiV38iidxPKMLnFpDTi8mr6R5kkWhMjcf8eLAASqtgZGDCzn%2Faa1D%2BoAilUg9g44zJ6K%2BH1P7ybDv3gO8wrCAZ%2Fiqup9Y1dL9aNcHX0%2Fm6GsF%2BglL7waxpxgup3B48Hi6zm4GjwljQqg%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 86f97a1c49e33605-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fgth6

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
18 KB 32ms
30ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 19:00:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65d799d9-101dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17693
expires: Fri, 05 Apr 2024 12:17:46 GMT

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 62 B
281 B 399ms
125ms Script
application/javascript 3.230.6.246
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_437330

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.230.6.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-230-6-246.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fc90151afd381bc28059a000eeb19a424415d83258b07bc0577fe3988e814ed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private
x-ua-compatible: IE=Edge

GET
H2 200 notify Show response
api.neverbounce.com/v4/poe/ 62 B
282 B 397ms
124ms Script
application/javascript 3.230.6.246
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_145200

Requested by

Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.230.6.246 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-230-6-246.compute-1.amazonaws.com

Software

nginx /

Resource Hash

57ffc529e595ef597763756d17f524e74cb7f674da8db014f0ba70f78432cb6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private
x-ua-compatible: IE=Edge

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
333 B 115ms
115ms XHR
text/plain 3.65.91.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&t=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&tip=b1d5HbDNmMmmb1Uh5M5Tbc9VjyiI8KJg3IqX31V5pEM&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9548377353aa25ea3448f639b972d75f0d972da17&sa-user-id-v3=s%253AAQAKILc9PIkZuxhl46XHtKlu9P0kXauNH8-16qqjDPa18azmEHwYBCDq17-wBjABOgT7-sM6QgSfkzDX.%252Bcgn35FtUMODizOY3KK6eeF8c88O3LUehjO6DfJolMY&sa-user-id-v2=s%253AVIN3NTqiXqNEj2Obly118Nly2hc.tnvvhMbhfoxXGJt%252Ff3vPN1k77ZmM3F2HPZ%252BpZT3O8%252BI&sa-user-id=s%253A0-54837735-3aa2-5ea3-448f-639b972d75f0.G5lBsa%252FEldpabPOLsU8YSpWvZeoq9hl3hfehnMwWW9M
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.65.91.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-91-158.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.huntress.com
date: Fri, 05 Apr 2024 12:17:47 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
333 B 113ms
113ms XHR
text/plain 3.65.91.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&t=Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26%20CVE-2024-1708%20%7C%20Huntress%20Blog&tip=b1d5HbDNmMmmb1Uh5M5Tbc9VjyiI8KJg3IqX31V5pEM&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=%270-54837735-3aa2-5ea3-448f-639b972d75f0%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9548377353aa25ea3448f639b972d75f0d972da17&sa-user-id-v3=s%253AAQAKILc9PIkZuxhl46XHtKlu9P0kXauNH8-16qqjDPa18azmEHwYBCDq17-wBjABOgT7-sM6QgSfkzDX.%252Bcgn35FtUMODizOY3KK6eeF8c88O3LUehjO6DfJolMY&sa-user-id-v2=s%253AVIN3NTqiXqNEj2Obly118Nly2hc.tnvvhMbhfoxXGJt%252Ff3vPN1k77ZmM3F2HPZ%252BpZT3O8%252BI&sa-user-id=s%253A0-54837735-3aa2-5ea3-448f-639b972d75f0.G5lBsa%252FEldpabPOLsU8YSpWvZeoq9hl3hfehnMwWW9M
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.65.91.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-91-158.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.huntress.com
date: Fri, 05 Apr 2024 12:17:47 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H3 200 bframe
www.google.com/recaptcha/api2/ Frame 097C 0
0 35ms
34ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5DvlB4xlnXuHcuxgob467Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-5DvlB4xlnXuHcuxgob467Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 05 Apr 2024 12:17:47 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 37ms
22ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
316 B 120ms
21ms XHR
text/html 2a02:26f0:480:23::1726:62a7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9396a03f992569985b844f39a0e20187bd4f89bd03b35137050ba22c50798297

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:47 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.huntress.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:2:240:3247::2
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1712319467090_388391911_187022847_29_1065_19_41_219";dur=1
content-length: 23
expires: Fri, 05 Apr 2024 12:17:47 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.26/ 60 KB
25 KB 43ms
43ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.26/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/187059084
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
content-encoding: br
last-modified: Mon, 01 Apr 2024 13:40:06 GMT
etag: W/"0x8DC52513DD96806"
vary: Accept-Encoding
x-azure-ref: 20240405T121747Z-164d799447dqjxfdaphww13x4c00000001z0000000013xy6
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 6b25eb8d-501e-0029-2cc9-8610af000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
882 B 161ms
134ms Image
image/gif 104.18.160.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.160.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ee7067e8-18d4-4094-b72d-5c93d961394a
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ee7067e8-18d4-4094-b72d-5c93d961394a
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-g8wpd
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 86f97a1d3a649107-FRA

GET
BLOB 200
OK 5eb6aade-dcca-4bab-a359-d2443addb7eb
https://www.huntress.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.huntress.com/5eb6aade-dcca-4bab-a359-d2443addb7eb
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
925 B 169ms
144ms Image
image/gif 104.17.239.249
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.239.249 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 09bea4cf-5fc9-418a-9338-7dfaef09b77a
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 09bea4cf-5fc9-418a-9338-7dfaef09b77a
last-modified: Fri, 05 Apr 2024 12:17:47 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-qpnsw
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 86f97a1d5b86bbaa-FRA

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
175 B 145ms
145ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0d1ef558-c761-4e72-bdf8-63113d46dfbe
x-envoy-upstream-service-time: 18
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0d1ef558-c761-4e72-bdf8-63113d46dfbe
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-pvzd8
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 86f97a1eba3803e4-FRA

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 172ms
129ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 86f97a1de98503e4-FRA
content-length: 0
content-type: application/octet-stream
date: Fri, 05 Apr 2024 12:17:47 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-vhl7w
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: a2fab59d-97ad-49a1-b4a6-3f01c24b3c2b
x-request-id: a2fab59d-97ad-49a1-b4a6-3f01c24b3c2b

POST
H/1.1 204
No Content collect Show response
i.clarity.ms/ 0
296 B 697ms
449ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Fri, 05 Apr 2024 12:17:47 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
702 B 138ms
55ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:47 GMT
an-x-request-uuid: 00e7ba40-2cd2-44b3-9274-62cef6949f62
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.23; 217.114.218.23; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 80ms
80ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
315 B 27ms
27ms XHR
text/html 2a02:26f0:480:23::1726:62a7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9396a03f992569985b844f39a0e20187bd4f89bd03b35137050ba22c50798297

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:47 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.huntress.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:2:240:3247::2
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1712319467780_388391911_187023222_20_928_19_0_219";dur=1
content-length: 23
expires: Fri, 05 Apr 2024 12:17:47 GMT

GET
H2 200 core
rc-widget-frame.js.driftt.com/ Frame 4E72 0
0 375ms
309ms Document
text/html 18.66.147.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=030959fa-d74b-494d-9588-8baa4aa03e5f&sessionStarted=1712319467.768&campaignRefreshToken=2818b29d-b8c3-47b4-b43b-d084426f4aac&pageLoadStartTime=1712319465808&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1712319600000/5d3cypit2iz8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.59 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-59.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.huntress.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 05 Apr 2024 12:17:48 GMT
etag: W/"6a5cea74d414ec151635bd2880abb1c3"
last-modified: Mon, 21 Aug 2023 14:57:03 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 e65c822edea04e16936bdb4537763dd4.cloudfront.net (CloudFront)
x-amz-cf-id: w-Ckkt1Ax1xBgsVBrb9MAEYprdo1hKt7_JLHwwdnw917qD1Cb7YElA==
x-amz-cf-pop: FRA60-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: hIxJdEPbt_45OV8bTT9Ad1M7VE.ABA8G
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 18

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 102ms
37ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa8204005ed25e30f3ee56dbad3afa3c011e12636e75decf2b1aaf22a1c326dd

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
x-amz-version-id: jWuK40m0MUEUayB9sycJH0u7f85X3F2r
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 944dc31277adc1021b0776fe818f07f6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 80928
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Mar 2024 07:02:18 GMT
server: cloudflare
etag: W/"2cd903354c7c864dbd543d268219ef1d"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 86f97a221de32c52-FRA
x-amz-cf-id: kYgWXH_Oh_QOr5baGZQpfnbBnNATBQ-B5VyLPMZbQKoV2y3fFHVTAA==

GET
H2 200 blockedDomains.json Show response
hubspotonwebflow.com/assets/js/ 98 KB
23 KB 40ms
40ms Fetch
application/json 76.76.21.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/assets/js/blockedDomains.json

Requested by

Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-124.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.241 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

944352d0198c673b45a699471c970aef85458ea3c58a3ed825b0f0e4f33f999c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::b7b95-1712319467784-40ccf12b554f
age: 1337764
x-matched-path: /assets/js/blockedDomains.json
etag: W/"04708d47dd194d37b8231a65de7a66f1"
x-vercel-cache: HIT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="blockedDomains.json"

GET
H2 200 blockList Show response
hubspotonwebflow.com/api/forms/ 47 B
328 B 168ms
168ms Fetch
application/json 76.76.21.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/api/forms/blockList?id=92048dff-ffdc-421f-9344-58c3ff0002d9

Requested by

Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-124.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.241 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::iad1::4blgw-1712319467786-fd736e6ac008
age: 0
x-matched-path: /api/forms/blockList
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-vercel-execution-region: iad1
cache-control: public, max-age=0, must-revalidate
access-control-allow-headers: Content-Type, Authorization

GET
H2 200 blockList Show response
hubspotonwebflow.com/api/forms/ 47 B
137 B 182ms
182ms Fetch
application/json 76.76.21.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hubspotonwebflow.com/api/forms/blockList?id=c32ae9e7-4a4b-4436-a6e4-0de41bd8df62

Requested by

Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-124.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.241 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::iad1::cr6qt-1712319467785-60c9d12fdd4f
age: 0
x-matched-path: /api/forms/blockList
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-vercel-execution-region: iad1
cache-control: public, max-age=0, must-revalidate
access-control-allow-headers: Content-Type, Authorization

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 208ms
160ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=800x600&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2604799944&v=1.1&a=3911692&rcu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&t=Understanding+the+ConnectWise+ScreenConnect+CVE-2024-1709+%26+CVE-2024-1708+%7C+Huntress+Blog&cts=1712319467779&vi=02ff0bdcc974eb3a9acc75dc7368e6e8&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8f60f02b-13a8-407d-9070-f04bf9996c12
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 22
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8f60f02b-13a8-407d-9070-f04bf9996c12
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IJz%2B2O%2BrI5R1Oq1P%2BTDBmO8k0odFcACablmylfmTecg8EuMbmq7uccb7PO%2FElnCpGxyFNvNYmmahmFYKzvC1KIiUnkxXeIHFZgPd4pPib1z2q0D9BFOuzUxZXOIPPZw%2FtDehtHbhutqkGa7euyQ3"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-j86rb
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 86f97a21f8ca5d7a-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4D4863E7F13543939D822729BA1E1558&RedC=c.clarity.ms&MXFR=0E0F8C5B875C605F07D89803835C6E5B
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D4863E7F13543939D822729BA1E1558&MUID=092AD1E4FD6869EB3E41C5BCFCC468B6

42 B
443 B

44ms
40ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D4863E7F13543939D822729BA1E1558&MUID=092AD1E4FD6869EB3E41C5BCFCC468B6
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:47 GMT
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
server: Microsoft-IIS/10.0
etag: "3e26b762b6cda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 05 Apr 2024 12:17:47 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 630ACA90BB9146DC9C7904D05DB0B1C8 Ref B: FRA31EDGE0113 Ref C: 2024-04-05T12:17:47Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D4863E7F13543939D822729BA1E1558&MUID=092AD1E4FD6869EB3E41C5BCFCC468B6
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 342ms
330ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=61bf7e05-adb9-43a9-8cd5-8eb289d37c03&session=7f9a496a-336f-431f-86e5-d6d44048467d&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A2%3A240%3A3247%3A%3A2%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=97a00de9-d30b-48fc-8e7c-7306fac94adf&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:48 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 150 B
522 B 180ms
180ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c941f00d48c6862b10e44acb44ac28685c9e58f9f3ea97b308d0b22915598013

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 5880e3e5891679926699
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.huntress.com/
visited_url: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

Response headers

date: Fri, 05 Apr 2024 12:17:48 GMT
via: 1.1 2ffde5fadc46cbcc3a678e8713ed76b0.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: FRA56-P4
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: VwHM_hJAvHcEQWA=
server: cloudflare
etag: W/"96-0dkUpG48U6BjxSqq241q+j0n0lI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 86f97a2578913671-FRA
x-amz-cf-id: 3fqLI1SYJKXwPqMrlnis5745Z6hZjDxh_RIjc8CDee3jrUBxjQVUEw==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 508ms
462ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: VwHM9g5TPHcEPmw=
cf-cache-status: DYNAMIC
cf-ray: 86f97a229d553671-FRA
date: Fri, 05 Apr 2024 12:17:48 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 2ffde5fadc46cbcc3a678e8713ed76b0.cloudfront.net (CloudFront)
x-amz-cf-id: 6Rp6sMAsDLkiKLkWZafCJ6-vSTPsFiRL3NiDrSUb6dDSO09GE3BzBg==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 283ms
283ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=61bf7e05-adb9-43a9-8cd5-8eb289d37c03&session=7f9a496a-336f-431f-86e5-d6d44048467d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=97a00de9-d30b-48fc-8e7c-7306fac94adf&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:48 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 314ms
314ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=61bf7e05-adb9-43a9-8cd5-8eb289d37c03&session=7f9a496a-336f-431f-86e5-d6d44048467d&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c081b6bcc07a45b013b81ff3441b82387640805c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228769192b-20ba-4df2-8d62-2740a805c3e8%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=97a00de9-d30b-48fc-8e7c-7306fac94adf&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:48 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
i.clarity.ms/ 0
296 B 115ms
115ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Fri, 05 Apr 2024 12:17:48 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H3 200 / Show response
ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/ 3 KB
2 KB 326ms
247ms Fetch
text/javascript 104.16.137.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.137.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

1b1dfe9d6e215d258be237784311cfbc7ab31f747762080708ca442f1d3bdb7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
Referer: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
_vtok: MjE3LjExNC4yMTguMjM=
_zitok: 6a4d38df79c1daaafc1a1712319468
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 86f97a293ddc37f5-FRA

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/ Frame 0
0 337ms
285ms Preflight
text/html 104.16.137.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.137.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.huntress.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86f97a26fc3f1a47-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 05 Apr 2024 12:17:48 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 687ms
686ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=61bf7e05-adb9-43a9-8cd5-8eb289d37c03&session=7f9a496a-336f-431f-86e5-d6d44048467d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A46%20GMT%22%2C%22timeSpent%22%3A%222395%22%2C%22totalTimeSpent%22%3A%222395%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=97a00de9-d30b-48fc-8e7c-7306fac94adf&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:49 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 250ms
249ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=61bf7e05-adb9-43a9-8cd5-8eb289d37c03&session=7f9a496a-336f-431f-86e5-d6d44048467d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A48%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223396%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=97a00de9-d30b-48fc-8e7c-7306fac94adf&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 66030a0ceace49bce51c36de_favicon-32x32.png
assets-global.website-files.com/6579dd0b5f9a54376d296915/ 1 KB
2 KB 23ms
23ms Other
image/png 2600:9000:21f3:2800:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/66030a0ceace49bce51c36de_favicon-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:2800:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c12f11d824a0e7cb513ff4574c1664ac5c3949efc35896edeb0612fe45f1c00b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:08:04 GMT
x-amz-version-id: zgVWaHGriVUpkEY2ghAZ8_qygV1PEHYb
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
age: 749387
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1294
last-modified: Tue, 26 Mar 2024 17:46:53 GMT
server: AmazonS3
etag: "966e794cd99e0b0b48cd4df13cdc04a5"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: BpQhKqpatmnnaAOwLWc1qbXvC1avdLCA4EUb497pp8MxhvmSeYVcXg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 215ms
215ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=61bf7e05-adb9-43a9-8cd5-8eb289d37c03&session=7f9a496a-336f-431f-86e5-d6d44048467d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A49%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224396%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=97a00de9-d30b-48fc-8e7c-7306fac94adf&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 209ms
209ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=61bf7e05-adb9-43a9-8cd5-8eb289d37c03&session=7f9a496a-336f-431f-86e5-d6d44048467d&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2005%20Apr%202024%2012%3A17%3A50%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225397%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20discusses%20the%20Huntress%20Team%27s%20analysis%20efforts%20of%20the%20two%20vulnerabilities%20and%20software%20weaknesses%20in%20ConnectWise%20ScreenConnect%20(CVE-2024-1708%20and%20CVE-2024-1709)%20and%20the%20technical%20details%20behind%20this%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Understanding%20the%20ConnectWise%20ScreenConnect%20CVE-2024-1709%20%26amp%3B%20CVE-2024-1708%20%7C%20Huntress%20Blog%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fa-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass&pageViewId=97a00de9-d30b-48fc-8e7c-7306fac94adf&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 05 Apr 2024 12:17:51 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
i.clarity.ms/ 0
296 B 128ms
127ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
Referer: https://www.huntress.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://www.huntress.com
Date: Fri, 05 Apr 2024 12:17:51 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

65 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: H_PIgQFpLAk
.youtube.com/	1970-01-20 23:57:51	Name: VISITOR_INFO1_LIVE Value: Vv2bAF3ZcAU
.youtube.com/	1970-01-20 23:57:51	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgIw%3D%3D
.huntress.com/	1970-01-20 21:48:15	Name: _gcl_au Value: 1.1.1883371766.1712319466
.huntress.com/	1970-01-21 05:14:39	Name: _ga_GCTMBVFESS Value: GS1.1.1712319466.1.0.1712319466.60.0.0
.huntress.com/	1970-01-21 05:14:39	Name: _ga Value: GA1.1.810517689.1712319467
tags.srv.stackadapt.com/	1970-01-21 04:24:15	Name: sa-user-id Value: s%3A0-54837735-3aa2-5ea3-448f-639b972d75f0.G5lBsa%2FEldpabPOLsU8YSpWvZeoq9hl3hfehnMwWW9M
.srv.stackadapt.com/	1970-01-21 04:24:15	Name: sa-user-id Value: s%3A0-54837735-3aa2-5ea3-448f-639b972d75f0.G5lBsa%2FEldpabPOLsU8YSpWvZeoq9hl3hfehnMwWW9M
tags.srv.stackadapt.com/	1970-01-21 04:24:15	Name: sa-user-id-v2 Value: s%3AVIN3NTqiXqNEj2Obly118Nly2hc.tnvvhMbhfoxXGJt%2Ff3vPN1k77ZmM3F2HPZ%2BpZT3O8%2BI
.srv.stackadapt.com/	1970-01-21 04:24:15	Name: sa-user-id-v2 Value: s%3AVIN3NTqiXqNEj2Obly118Nly2hc.tnvvhMbhfoxXGJt%2Ff3vPN1k77ZmM3F2HPZ%2BpZT3O8%2BI
tags.srv.stackadapt.com/	1970-01-21 04:24:15	Name: sa-user-id-v3 Value: s%3AAQAKILc9PIkZuxhl46XHtKlu9P0kXauNH8-16qqjDPa18azmEHwYBCDq17-wBjABOgT7-sM6QgSfkzDX.%2Bcgn35FtUMODizOY3KK6eeF8c88O3LUehjO6DfJolMY
.srv.stackadapt.com/	1970-01-21 04:24:15	Name: sa-user-id-v3 Value: s%3AAQAKILc9PIkZuxhl46XHtKlu9P0kXauNH8-16qqjDPa18azmEHwYBCDq17-wBjABOgT7-sM6QgSfkzDX.%2Bcgn35FtUMODizOY3KK6eeF8c88O3LUehjO6DfJolMY
.techtarget.com/	1970-01-20 19:38:41	Name: __cf_bm Value: fTU2fAhC.PSfrM7mtdhadDa2PvdPoROYQOX7b.7j_qQ-1712319466-1.0.1.1-ZP_35zYJPDDIUKu1tvygJX_GXRCcmZ1du5Q20yxjIocU1qehXjtaxoIJJ0SRbufcvFE_MmkMfZE427pe38FWcg
.huntress.com/	1970-01-20 21:48:15	Name: _rdt_uuid Value: 1712319466691.6e543f2c-4b45-4793-96ba-16f109bcbd12
tracking.g2crowd.com/	1970-01-20 19:58:49	Name: _session_id Value: decc2c702502d21056cb397bbd0b03d4
.g2crowd.com/	1970-01-20 19:38:41	Name: __cf_bm Value: dXSWalCUEBM_sbH4kQoA2whHiQ.oMhFJJBD_SBgLYGA-1712319466-1.0.1.1-yfF2pHXO9jgEiAK_aJFWs8dQUw.78OyWiho26MJOsZlZXxCouxKwdnvpS4qHJu_a0UuVX8KcGjnc_uHajqfKuA
.huntress.com/	1970-01-20 19:40:05	Name: _uetsid Value: 8312e270f34611ee9394b3a296627da1
.huntress.com/	1970-01-21 05:00:15	Name: _uetvid Value: 83132150f34611ee8eb0b94c58d92b5e
www.huntress.com/	1970-01-21 04:24:15	Name: sa-user-id Value: s%253A0-54837735-3aa2-5ea3-448f-639b972d75f0.G5lBsa%252FEldpabPOLsU8YSpWvZeoq9hl3hfehnMwWW9M
www.huntress.com/	1970-01-21 04:24:15	Name: sa-user-id-v2 Value: s%253AVIN3NTqiXqNEj2Obly118Nly2hc.tnvvhMbhfoxXGJt%252Ff3vPN1k77ZmM3F2HPZ%252BpZT3O8%252BI
www.huntress.com/	1970-01-21 04:24:15	Name: sa-user-id-v3 Value: s%253AAQAKILc9PIkZuxhl46XHtKlu9P0kXauNH8-16qqjDPa18azmEHwYBCDq17-wBjABOgT7-sM6QgSfkzDX.%252Bcgn35FtUMODizOY3KK6eeF8c88O3LUehjO6DfJolMY
www.huntress.com/	1970-01-21 04:24:15	Name: Metadata_visitor_id Value: lummssg46og0m1o9lvs
www.huntress.com/	1970-01-20 19:38:41	Name: Metadata_session_id Value: lummssg50gnireqog4qo
.huntress.com/	1970-01-20 19:38:41	Name: _sp_ses.1564 Value: *
.huntress.com/	1970-01-21 05:14:39	Name: _sp_id.1564 Value: 89502140-469d-4872-b4ac-1c4e5fbae771.1712319467.1.1712319467.1712319467.4c6a769d-db76-4919-a66f-78334713d588
.bing.com/	1970-01-21 05:00:15	Name: MUID Value: 092AD1E4FD6869EB3E41C5BCFCC468B6
.huntress.com/	1970-01-20 21:48:15	Name: _fbp Value: fb.1.1712319466904.741216021
.linkedin.com/	1970-01-20 21:48:15	Name: li_sugr Value: 2a305266-b1e7-400c-abab-42e8404dc92f
.huntress.com/	1970-01-21 04:24:15	Name: _hjSessionUser_2159185 Value: eyJpZCI6IjBmYTMxOTc5LTFiZjgtNWQwMi1hNGJjLWJiZTcwZWIyMzMyMSIsImNyZWF0ZWQiOjE3MTIzMTk0NjY5NTYsImV4aXN0aW5nIjp0cnVlfQ==
.huntress.com/	1970-01-20 19:38:41	Name: _hjSession_2159185 Value: eyJpZCI6IjM4NDc0ZTBmLTQ5NTMtNGI2Zi1hNDQ1LWUxMjQ1ZTc3YmViZCIsImMiOjE3MTIzMTk0NjY5NTcsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.linkedin.com/	1970-01-20 19:40:05	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2774:u=1:x=1:i=1712319466:t=1712405866:v=2:sig=AQGlhnF388amYRg_rKZvn_-Qd7E3PkpX"
.t.co/	1970-01-21 05:14:39	Name: muc_ads Value: 6022852c-afb2-40d8-b73f-dbfc10a8e079
.twitter.com/	1970-01-21 05:14:39	Name: guest_id_marketing Value: v1%3A171231946688667702
.twitter.com/	1970-01-21 05:14:39	Name: guest_id_ads Value: v1%3A171231946688667702
.twitter.com/	1970-01-21 05:14:39	Name: personalization_id Value: "v1_fRZxbB/7+5KrdbEdyn8SNA=="
.twitter.com/	1970-01-21 05:14:39	Name: guest_id Value: v1%3A171231946688667702
www.clarity.ms/	1970-01-21 04:24:15	Name: CLID Value: 3ce05ca8bebc46b0953fdfb102cccda7.20240405.20250405
.linkedin.com/	1970-01-20 20:21:51	Name: UserMatchHistory Value: AQLi60fbkpWC_gAAAY6uMY3oTuu7Ia-mxhPJDxYIIVB6Y0gP7hI5Lm7MY_s2Wh08k91hmuz7CluE4A
.linkedin.com/	1970-01-20 20:21:51	Name: AnalyticsSyncHistory Value: AQK2Y8lKT9JDTAAAAY6uMY3onsrsnOcydJcyy2M3rvl78O1l8K1L9bHYHrzLgH4rf3iN02NAQ1pCozBOClCf9Q
.linkedin.com/	1970-01-21 04:24:15	Name: bcookie Value: "v=2&a9eb9f15-7239-4299-8fdd-da6d767390a0"
.huntress.com/	1970-01-21 04:24:15	Name: _clck Value: g838sg%7C2%7Cfko%7C0%7C1556
.hsforms.com/	1970-01-20 19:38:41	Name: __cf_bm Value: v0wb14U3YFpnMBaasXcWPHUDDEnZG0XA1_2XSchosvo-1712319467-1.0.1.1-D8bRAGclSrHFYKLrmXheGEg8xT0IgbVo8tuuGDebyuwVq4zn6bpfjQidzhTN1mCWWUZVs_pkoyioj_4x7eFs1A
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 6uUyDTQTABWXy.5C9OJ0YRzTklcAXDicXy0cJtiMHvY-1712319467216-0.0.1.1-604800000
.www.linkedin.com/	1970-01-21 04:24:15	Name: bscookie Value: "v=1&2024040512174713aec7bb-bf3d-4a57-82d9-dd4cc3dd4ae1AQHYIjAhO5OottXH9R9YwbaSrK7fDQEW"
.linkedin.com/	1970-01-20 23:57:51	Name: li_gc Value: MTswOzE3MTIzMTk0Njc7MjswMjFn4cyi8ZH0Ki15f3V9ztg7nTMwO34N5HsNvK/OSykzcA==
www.huntress.com/	1970-01-20 19:38:41	Name: drift_campaign_refresh Value: 2818b29d-b8c3-47b4-b43b-d084426f4aac
www.huntress.com/	1970-01-21 05:14:39	Name: _gd_visitor Value: 61bf7e05-adb9-43a9-8cd5-8eb289d37c03
www.huntress.com/	1970-01-20 19:38:53	Name: _gd_session Value: 7f9a496a-336f-431f-86e5-d6d44048467d
.huntress.com/	1970-01-20 19:40:05	Name: _clsk Value: 14x2xky%7C1712319467892%7C1%7C1%7Ci.clarity.ms%2Fcollect
.adnxs.com/	1970-01-21 05:14:39	Name: receive-cookie-deprecation Value: 1
www.huntress.com/	1970-01-20 19:48:44	Name: _an_uid Value: 0
.c.bing.com/	1970-01-20 19:48:44	Name: MR Value: 0
.c.bing.com/	1970-01-21 05:00:15	Name: SRM_B Value: 092AD1E4FD6869EB3E41C5BCFCC468B6
.hubspot.com/	1970-01-20 19:38:41	Name: __cf_bm Value: 9DVwMb66A4xgsqgrzKZAsEQedJ9BAZV3PbLW4hLgIiY-1712319467-1.0.1.1-lsM6cnWmCzRUczusQSycsASLcSvWDJtw51LGSa_Ljvl3R_bplODCigWX2MinW3lzMrg2I3sK_m5mq_qYIJK2gg
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: zmL7hyTUe16sdBi6X9wwwhUmNEe6Y7l1curY8pL0skg-1712319467971-0.0.1.1-604800000
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 05:00:15	Name: MUID Value: 092AD1E4FD6869EB3E41C5BCFCC468B6
.c.clarity.ms/	1970-01-20 19:48:44	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 19:38:40	Name: ANONCHK Value: 0
.6sc.co/	1970-01-21 05:14:39	Name: 6suuid Value: ce641102aae90c00eceb0f66cf0000008c890400
.www.huntress.com/	1970-01-21 04:24:15	Name: _zitok Value: 6a4d38df79c1daaafc1a1712319468
.zoominfo.com/	1970-01-20 19:38:41	Name: __cf_bm Value: GA87XFGdbgd3I5PupG_oIzeReRCgdh0CQYXPxlweHps-1712319469-1.0.1.1-x2HEDBPq3RVOtPxpdiIyzdRApWMWyoTIZYly3eZKbk0tMcebSQ5GUSS9IJE55YfRP58RILSdNAr4XoNqIku6nQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: men17AhZ5Lgi3UCtnFVw45zskvAbwy60aTK7l.S4Jqw-1712319469222-0.0.1.1-604800000
www.huntress.com/	1970-01-21 05:14:39	Name: drift_aid Value: 40d07569-9b5a-4fa0-8160-ac52c7e0ef70
www.huntress.com/	1970-01-21 05:14:39	Name: driftt_aid Value: 40d07569-9b5a-4fa0-8160-ac52c7e0ef70

159 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 804) Message: Unrecognized feature: 'web-share'.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 882) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 882) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 882) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 882) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 882) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 882) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass(Line 1408) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/403957864408442?v=2.9.152&r=stable&domain=www.huntress.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.quora.com
alb.reddit.com
analytics.twitter.com
api-gw.metadata.io
api.neverbounce.com
assets-global.website-files.com
assets.website-files.com
b.6sc.co
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn.metadata.io
cdn.neverbounce.com
client-registry.mutinycdn.com
connect.facebook.net
cta-service-cms2.hubspot.com
d3e54v103j8qbb.cloudfront.net
forms.hscollectedforms.net
forms.hsforms.com
gist.github.com
github.githubassets.com
google.com
hubspotonwebflow.com
huntresscdn.com
i.clarity.ms
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.na.chilipiper.com
js.zi-scripts.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
rc-widget-frame.js.driftt.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
tools.refokus.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
webhooks.fivetran.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.huntress.com
www.linkedin.com
www.redditstatic.com
www.youtube.com
104.16.137.15
104.16.85.20
104.17.239.249
104.18.160.125
104.244.42.195
104.244.42.5
13.107.42.14
13.32.27.54
140.82.121.3
142.250.185.196
142.250.185.206
142.250.186.35
146.75.120.157
151.101.1.91
162.159.153.247
172.64.150.44
18.244.20.40
18.245.46.122
18.245.86.87
18.66.102.11
18.66.147.59
185.199.110.154
2.17.100.210
2001:4860:4802:34::36
2600:9000:21f3:2800:12:9e5f:cac0:93a1
2600:9000:223c:b400:9:d7d4:1380:93a1
2600:9000:235a:0:11:3b84:d200:93a1
2606:4700:20::681a:1ad
2606:4700:4400::ac40:90e1
2606:4700:4400::ac40:973c
2606:4700:4400::ac40:991b
2606:4700::6810:4cba
2606:4700::6810:6efe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:8dd1
2606:4700::6811:e3a3
2606:4700::6812:8911
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::237
2a00:1450:4001:806::2003
2a00:1450:4001:80b::200e
2a00:1450:4001:828::2008
2a00:1450:4001:830::200e
2a00:1450:400c:c00::9c
2a02:26f0:3500:16::215:1490
2a02:26f0:480:23::1726:62a7
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42::396
3.230.6.246
3.65.91.158
34.111.208.231
34.111.224.162
34.159.227.151
34.249.200.254
37.252.171.21
52.167.85.21
52.45.52.13
54.71.94.159
68.219.88.97
76.76.21.241
76.76.21.61
0020be3f1555293342637940e02d32e0f0c3b1951f6a274c00a6e3afe91610d1
00d08ce080678db0c54af3944723e28b27e8bdc24146f813477b5b58fe65376c
02c65a6d1cdc752f31b0be2157d9c6f65e72c7f3e781eea941bd848caf8a332e
031ac081c388503c078347630e6db5e0590befc22f345050a050f9b0a79d5083
037a17512985e112e6b64b0534e3953dfca28420d2cab55f7771a7dd22a79918
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0eb1d1903c6765eb52f6fba4dd782620116b398b8f11de986533eafcd838b616
10ef3ba5308697292067120aee8cea7f3341a9a5e691475bc4a29805a5194939
1402811141d6cf6956918acd3398468bd385081a50b90a5d251fe7a3312c0801
14c59924cdca7796d9578872e6933998297b41cb0a2951ccaf7de4bd7cf921ff
19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb
1b1dfe9d6e215d258be237784311cfbc7ab31f747762080708ca442f1d3bdb7c
1b7c07a1a6686f252990c3165925b5ca16269e5b2aa0b765fd28b17594c4a77f
215162d385055d4248ce3810f5294fb0e1a857b2b18997d00805ca98f480fc79
22b1fb6f9f99cbad02dd31a2a03ad13f70ff07bd59d1e584b17766708c58d4d1
2791bb4bda1252e862eef1143ff121bc0825a112166291e2c760cba8c7575e40
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697
2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
350cf9ff67297ce9f79b1a35fb7205326d21f149ab404f81ec875968f0b7d083
36b097a74149a547cc7fe1da7b5a9cacf6c36d2f91872f11874479e1d4fafee2
3958a93184f498eaa140c746fa8b3ce7e540d38898f2b1c1acf9c7e8f6c5f429
39dd768727349c07dafbe5413239bce1bb5b8ff534e3846ae4ec2f335770fda0
3d9f49166505c59f2cecf5d0e790ee32f3049e93d0ccfea46603d224a3ee784e
3e74699ee2810c89e5df5bd0d0506256c46f1e73108f40dc993b49cc210203db
4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e938e5b4fe364bd2d00ec08067f98aa54b1398df28287257b8434012ff20033
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
553797b86e5516ebb3b4a6ffc794d7d9eca1fc1f3ca8ab0703e5eff9934e29c8
558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d
56ca8f0d6314136eeb319281448c5f652abea4df2061d2c42752380d76b742dc
57ffc529e595ef597763756d17f524e74cb7f674da8db014f0ba70f78432cb6e
5af5ee0b37b1f0ef31c42932bbf81424e4bb53e95e87a47e058625c1af2245db
5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
60ba63f369e9131ebda235cb154f2204acf3f5cb6de3dcf289d933ad5eebf778
65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c
66110db15bc55fa902401f14c8f25083dd0f7cfde33de392631a20f77312d017
66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0
67786077050307fcffb9795d3f5fd2a2e5d3956e692181609fee98693604d321
69df4becef48bcb1dc225a69f501f3e553c2daa441ffc6fdcfc389caff7d9904
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ee38878cd3f57c918114ecd1a74bc75e5165f45fd1e9503056e8dc2e542288f
6f3642cd8faa981a6b7f71cb0bd88a222ed7c92510100761c38f4bfd689853f2
71425f588c17edb9905c3ed73aee0404b58772b91c8154fe53d3157f58f0b2e2
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
74eeb7d68caa91529c2eb3d822c13adee8d1fd247b0f3b082d84d6da51825919
75207b3d45aa1547d8d1d1d65885b806d14c1539fecb9b31bba345ef682e0f00
75bb32a2e2126660c4f0883898ae834da739f3eeeb1b888bdab2e3044927ce85
7e6099f8d59d29c1446e0d06b18e6213da825582d128799560094a5ecdfae5a7
7f62ee80b8c824f30ad6c278146632d25b7e159e0a9cd91a356068eb9340061c
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2
85a881fba590ac097d83e7d5397c82c99d9538ac482af8f10a3e5886393cfc85
86f3464b435f45ef498bc2a621cad3de242cfae23932b1f8a02244309a68173b
889e4055351e629718cc9647a7f696cb4fb1e246bcf29bd25e2f8ce5105c27b5
89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
8f0f089b8d2746c56340171bba62f027d4d2dc0f520588d9480432693381e14a
9396a03f992569985b844f39a0e20187bd4f89bd03b35137050ba22c50798297
93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2
944352d0198c673b45a699471c970aef85458ea3c58a3ed825b0f0e4f33f999c
9551e65f192e4bd73b1c721166dd77e45a1f3ed2b9fb841c7779a07e1fd6a5af
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a03c63b7757de92a9b204e6c7809d61430bb1b1c363c4ae37b1ec7cad3e93c79
a161369b576860ce9654480562ba1ddeafe81f9ad5ee8f7db2fb00f4892a4b8f
a1e79865576e220b93dfe34d011286a8335ee8ac4eb6450300fb45a4f15a600e
a447d3663b55765c353cd2d4067634356183f5589b5af36e703e452926669f0e
a4aba4543a40b2e2d78e4006eb941a3a18cf95dc81041ad362321a3995bcc898
a4f1eb17105eabb75b4750c05f469c570e3c18cc79aab3fdd2dfc8d657ca7266
a577cc713533d7a1edbc5186c3f7b8788bbf317a857111150778d6a617220cec
aa067c3f9d762c4b27d7593b347b627735508a13e79d5ff35cf109b5f297dedf
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace449f8c185f9f62716fd9998c8f4d09f6849ead77ec8c3849aa69f4c8c1d36
ad1a0bf17b8433241806ec0b3cb9c17be616ea295df90068ab3e646de802e111
b36258e8c01dca280ee735325ce27bf09bbaf656af7fcdde5e8a564936127769
b4bf8910a202b24bd61be26e28eaa8c5f83a48d78999b2693a9cbdf4c9910cf1
b7bd039fcf8ea3ece5223d270ecf6d66277f9cf7ddacb8fd3f20d1702432c3bb
b9662a50703853ca2a318262d930668b8ae42333c6b413a424d0296212c40865
b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995
bbfae0a3b7da32ea92fc730b3a357f2aa5b39b596f4711a8c02ed2d901d12fb7
c12f11d824a0e7cb513ff4574c1664ac5c3949efc35896edeb0612fe45f1c00b
c941f00d48c6862b10e44acb44ac28685c9e58f9f3ea97b308d0b22915598013
c99531b584c2990420c6cf8f267e27bca20375cf89d4afdcaa5b3afb7a9f35d2
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e
cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4
d204379e8ce79fa8140107c2ef57def0f66a3ed415cc023286e6e6676874d917
d9af2551784a3f4116f8ed6d1ec5e7bb3b619e3a8ed3a0399eb3bbe375b2775a
dae47b8a97cc1b620189dde91132381608aa694f536691fb272780fd1f45e4c1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d5c28787419e7eaee569549d12df6ea9b1e7aa76e6f2a08b28ab812bfc1486
ebcc80bf5e0568d173b31bee579c02a725832f916de3656f7a36f94df865d168
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a
f17723e05ced08cbee817fc6c8327965f4fcd1f32aea681868acc75218330462
f2314da0b26cc727445f74c19d54f2f75944ea1a610497231ba6a5d9e541acf0
f624c5aded15609cc66783186c27fee142ba8e895793973e783d4bf448dfc17d
f6de8eff2f2f46b4d3e24716caa22af17db498dfbbc0ae5e984d7ea8b098f7d8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa8204005ed25e30f3ee56dbad3afa3c011e12636e75decf2b1aaf22a1c326dd
fa8cabe3021c19ba54e07d28a7722cd4bfdef39dea07207518113f7e161166bb
fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48
fc90151afd381bc28059a000eeb19a424415d83258b07bc0577fe3988e814ed0
fca96e23cbef68956d5776a0e13de71ab3e0d82c192d143bc93a063776ee81ad
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe98d4f9df17e0bd91b2f4239e19d018ae53455a8bf50f448d38b287d7c36e05

www.huntress.com Open in urlscan Pro 34.249.200.254 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

152 Requests

98 %HTTPS

44 %IPv6

49 Domains

70 Subdomains

65 IPs

5 Countries

2949 kBTransfer

7337 kBSize

65 Cookies

27 Outgoing links

Page URL History

Redirected requests

152 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.huntress.com Open in urlscan Pro
34.249.200.254 Public Scan

Screenshot
Live screenshot

Full Image

152
Requests

98 %
HTTPS

44 %
IPv6

49
Domains

70
Subdomains

65
IPs

5
Countries

2949 kB
Transfer

7337 kB
Size

65
Cookies

152 HTTP transactions
0 data transactions