cfengine.com Open in urlscan Pro
34.107.174.45 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/
Submission: On March 15 via api (March 15th 2022, 9:33:45 am UTC) from SE — Scanned from DE

Summary HTTP 27 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 27 HTTP transactions. The main IP is 34.107.174.45, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is cfengine.com.
TLS certificate: Issued by GTS CA 1D4 on February 18th 2022. Valid for: 3 months.

This is the only time cfengine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	34.107.174.45 34.107.174.45	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
27	3

22 34.107.174.45 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 45.174.107.34.bc.googleusercontent.com

cfengine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

www.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	cfengine.com cfengine.com	61 KB
4	gstatic.com fonts.gstatic.com	97 KB
1	gravatar.com www.gravatar.com — Cisco Umbrella Rank: 3849	4 KB
27	3

	Domain	Requested by
22	cfengine.com	cfengine.com
4	fonts.gstatic.com	cfengine.com
1	www.gravatar.com	cfengine.com
27	3

This site contains links to these domains. Also see Links.

Domain
github.com
docs.cfengine.com
support.northern.tech
build.cfengine.com
twitter.com
www.linkedin.com
www.facebook.com
cve.mitre.org
web.libera.chat
northern.tech
www.youtube.com

Subject Issuer	Validity	Valid
cfengine.com GTS CA 1D4	`2022-02-18` - `2022-05-19`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/
Frame ID: 04001A5960028B4664EF12624F2900D0
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2021-44215 & CVE-2021-44216

Detected technologies

Gravatar (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<[^>]+gravatar\.com/avatar/

Page Statistics

27
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

163 kB
Transfer

415 kB
Size

0
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/cfengine
Title: GitHub

Search URL Search Domain Scan URL

URL: https://docs.cfengine.com/
Title: Docs

Search URL Search Domain Scan URL

URL: https://support.northern.tech/hc/en-us
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://build.cfengine.com/
Title: Visit the page

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://cfengine.com%2fblog%2f2022%2fcve-2021-44215-and-cve-2021-44216%2f&text=CVE-2021-44215%20%26%20CVE-2021-44216&via=

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https://cfengine.com%2fblog%2f2022%2fcve-2021-44215-and-cve-2021-44216%2f&title=CVE-2021-44215%20%26%20CVE-2021-44216

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://cfengine.com%2fblog%2f2022%2fcve-2021-44215-and-cve-2021-44216%2f

Search URL Search Domain Scan URL

URL: https://support.northern.tech/
Title: support

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44215
Title: the official public CVE registry

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44216
Title: the official public CVE registry

Search URL Search Domain Scan URL

URL: https://web.libera.chat/?channel=#cfengine
Title: IRC

Search URL Search Domain Scan URL

URL: https://docs.cfengine.com/docs
Title: Documentation

Search URL Search Domain Scan URL

URL: https://northern.tech/about-us/mission-strategy
Title: About Us

Search URL Search Domain Scan URL

URL: https://northern.tech/legal
Title: Legal

Search URL Search Domain Scan URL

URL: https://northern.tech/careers/open-positions
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/CFEngine

Search URL Search Domain Scan URL

URL: https://twitter.com/cfengine

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cfengine/

Search URL Search Domain Scan URL

URL: https://northern.tech/legal/cookies
Title: cookie policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/ 36 KB
9 KB 170ms
111ms Document
text/html 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

45ce2a888750cffbccffbce130b4118148c4c386fe908d7f1ec5cd609b9cb5af

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Tue, 15 Mar 2022 09:33:41 GMT
content-type: text/html
content-length: 8373
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
etag: "6220e857-20b5"
content-encoding: gzip
content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
referrer-policy: strict-origin
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 style.min.css
cfengine.com/css/ 79 KB
13 KB 117ms
116ms Stylesheet
text/css 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cfengine.com/css/style.min.css

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

b7bc787f8b9827f3317617787bd50d77629a1f787577d6ef513ffc5900e77da4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12981
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:10:00 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: text/css
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e858-32b5"

GET
H2 200 all.min.css
cfengine.com/css/fa/ 58 KB
13 KB 110ms
109ms Stylesheet
text/css 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cfengine.com/css/fa/all.min.css

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

93f2c64af5ef3c59027a6d26c0291b351d5f8b34874020291b278e93e48c0fff

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12824
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:10:00 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: text/css
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e858-3218"

GET
H3 200 cfengine-logo.svg
cfengine.com/images/ 15 KB
4 KB 119ms
118ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/cfengine-logo.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

7c365e5404ed90a407ad27ed58dd0fe273edb610d79f8bb98dafcc83dc7b6132

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4386
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-1122"

GET
H3 200 arrow-down.svg
cfengine.com/images/ 200 B
224 B 109ms
108ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/arrow-down.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

d36ebb4c7f4c63071becb412b29453867d87f65bc05864e6f74a82df8fb9b01e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 200
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-c8"
accept-ranges: bytes

GET
H3 200 cfengine_build_logo.svg
cfengine.com/developers/ 12 KB
4 KB 113ms
109ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/developers/cfengine_build_logo.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

d41636c0a78ce76fc6d66260c440ee2006a8b42eeb80ccbe91492b166a8d7921

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4464
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:10:00 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e858-1170"

GET
H3 200 circle-arrow.svg
cfengine.com/images/ 1 KB
648 B 114ms
109ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/circle-arrow.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

fec8f2de86ec962c5bc5f6952da0878a54a1583e43fbb43f520bfcec20adcb6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 624
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-270"

GET
H3 200 closed-menu.svg
cfengine.com/images/ 388 B
412 B 115ms
110ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/closed-menu.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

9aff3e561bfbea379174623dd2f14cd4f2adc69628da58d66b406edd787fa793

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 388
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-184"
accept-ranges: bytes

GET
H3 200 close.svg
cfengine.com/images/ 1 KB
618 B 112ms
108ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/close.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

cdbf2562010656663b94125e2727839ff795e21be9178d5e89f41b18ed24fe60

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 594
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-252"

GET
H2 200 9edd6bf4229ae8385eca2ef5a64692ce
www.gravatar.com/avatar/ 4 KB
4 KB 35ms
7ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gravatar.com/avatar/9edd6bf4229ae8385eca2ef5a64692ce?s=100&d=identicon
Requested by: Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0eafea4cdb15232b74a8a9d0592b2eeb9c16bda1341ec1a2cf2b03f116936319

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Mar 2022 09:33:41 GMT
last-modified: Mon, 22 Dec 2014 21:02:59 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="9edd6bf4229ae8385eca2ef5a64692ce.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/9edd6bf4229ae8385eca2ef5a64692ce?s=100&d=identicon>; rel="canonical"
content-length: 4196
expires: Tue, 15 Mar 2022 09:38:41 GMT

GET
H3 200 line-gradient.svg
cfengine.com/images/ 679 B
703 B 113ms
109ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/line-gradient.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

fdad72235b949f7066cdc618ff253bf9a0009c0d3a9fe7ca292f22dd810feede

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 679
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-2a7"
accept-ranges: bytes

GET
H3 200 twitter-share-icon.svg
cfengine.com/images/ 998 B
1022 B 114ms
110ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/twitter-share-icon.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

18020f96d6e167816e71da93a1cf3433167af8e6760a46662d1a326c688dd035

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 998
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-3e6"
accept-ranges: bytes

GET
H3 200 linkedin-share-icon.svg
cfengine.com/images/ 858 B
882 B 114ms
110ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/linkedin-share-icon.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

31cc4dd9d81ddd69ddb286ff92fdaeeadb709d69d1b50cef4907bf1fa4c51a0a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 858
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-35a"
accept-ranges: bytes

GET
H3 200 facebook-share-icon.svg
cfengine.com/images/ 667 B
691 B 115ms
111ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/facebook-share-icon.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

88545b6ade799edeea6ae6bf9190a33a26df7c132355f5d350ebe3709cf72dd6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 667
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-29b"
accept-ranges: bytes

GET
H3 200 sla-background.svg
cfengine.com/images/features/ 5 KB
1 KB 116ms
112ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/features/sla-background.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

0dc872fd92124ae8fecc47341628fdbd69df93d81a6acc56f691c814ba0c83b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1275
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-4fb"

GET
H3 200 comments.svg
cfengine.com/images/ 375 B
399 B 115ms
111ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/comments.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

f6ca66b77c84d553636db16cbf0365bbe937c956a53bcea8aacb90cf3381a873

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 375
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-177"
accept-ranges: bytes

GET
H3 200 mail.svg
cfengine.com/images/ 1 KB
600 B 116ms
113ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/mail.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

0bad33587d722bf6d2e0859d059015e64461b16aefed89fcec7dafad14e366a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 576
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-240"

GET
H3 200 cfengine-logo-white.svg
cfengine.com/images/ 15 KB
4 KB 118ms
115ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/cfengine-logo-white.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

f5257246484379bab86d516ff39bc5606d8e6a0b98be6d11aa1e52df309092a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4423
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-1147"

GET
H3 200 footer-background-right.svg
cfengine.com/images/ 5 KB
1 KB 129ms
125ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/footer-background-right.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

2e53d957342099ca3bc11897696552ce83e86dbc93fd6ea6187f8247f07316da

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1273
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-4f9"

GET
H3 200 footer-background-left.svg
cfengine.com/images/ 5 KB
1 KB 210ms
207ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/footer-background-left.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

50744bb66ebd6eb68f0fe98ee5df41e23170794465f25038ded1b1a6227c70a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1181
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
via: 1.1 google
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e857-49d"

GET
H3 200 main.js Show response
cfengine.com/js/ 2 KB
2 KB 110ms
109ms Script
application/javascript 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cfengine.com/js/main.js

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

65a84564ba9017a8be4233babc7373a042dc4c06967e964c20e7f860c7cb0a80

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1922
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: application/javascript
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-782"
accept-ranges: bytes

GET
H3 200 cookie-consent.js Show response
cfengine.com/js/ 2 KB
2 KB 206ms
202ms Script
application/javascript 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cfengine.com/js/cookie-consent.js

Requested by

Host: cfengine.com
URL: https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

4587d7cf2cc3a9e2e54820ba60bb340117dfaa06e86c8f4ff11b7442053b0149

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1919
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: application/javascript
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-77f"
accept-ranges: bytes

GET
H2 200 8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbl6Wckg.ttf
fonts.gstatic.com/s/redhatdisplay/v11/ 42 KB
25 KB 126ms
40ms Font
font/ttf 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhatdisplay/v11/8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbl6Wckg.ttf

Requested by

Host: cfengine.com
URL: https://cfengine.com/css/style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c664beb14208809c24ae0094e3c7e8b525ca9bfc7cc55659edec85f7ebd32e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cfengine.com/
Origin: https://cfengine.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 15:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 584437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24928
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 01:49:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 15:13:04 GMT

GET
H2 200 8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbmyWckg.ttf
fonts.gstatic.com/s/redhatdisplay/v11/ 42 KB
23 KB 177ms
98ms Font
font/ttf 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhatdisplay/v11/8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbmyWckg.ttf

Requested by

Host: cfengine.com
URL: https://cfengine.com/css/style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e62a3112e681738a50f3a5e0fed1d3428fcd5742553a2d22c77faa59a1db6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cfengine.com/
Origin: https://cfengine.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 18:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 486385
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23895
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 01:49:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Mar 2023 18:27:16 GMT

GET
H3 200 orange-list-icon.svg
cfengine.com/images/ 170 B
194 B 185ms
185ms Image
image/svg+xml 34.107.174.45
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cfengine.com/images/orange-list-icon.svg

Requested by

Host: cfengine.com
URL: https://cfengine.com/css/style.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.174.45 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

45.174.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

b74c606c045b5dc7809cf0bc09dd2532d8db70499912b7135c6945a6796da968

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cfengine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
via: 1.1 google
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 03 Mar 2022 16:09:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Tue, 15 Mar 2022 09:33:41 GMT
strict-transport-security: max-age=31536000;
content-type: image/svg+xml
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
etag: "6220e83a-aa"
accept-ranges: bytes

GET
H2 200 8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbouRckg.ttf
fonts.gstatic.com/s/redhatdisplay/v11/ 42 KB
24 KB 187ms
116ms Font
font/ttf 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhatdisplay/v11/8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbouRckg.ttf

Requested by

Host: cfengine.com
URL: https://cfengine.com/css/style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f15d06b44e374a921568aec249dd93cd9cb4d33210a1e8844d606d746afd8c71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cfengine.com/
Origin: https://cfengine.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 12:18:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 594935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24958
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 01:49:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 12:18:06 GMT

GET
H2 200 8vIh7wUr0m80wwYf0QCXZzYzUoTg-CSvZX4Vlf1fe6TVmgsz_Q.ttf
fonts.gstatic.com/s/redhatdisplay/v11/ 43 KB
24 KB 149ms
79ms Font
font/ttf 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhatdisplay/v11/8vIh7wUr0m80wwYf0QCXZzYzUoTg-CSvZX4Vlf1fe6TVmgsz_Q.ttf

Requested by

Host: cfengine.com
URL: https://cfengine.com/css/style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a30f9aa2eb4b3adecba10561eae01f41d5d00ba7cdd37228076d3470f5702b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cfengine.com/
Origin: https://cfengine.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 07:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 525760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24795
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:42:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Mar 2023 07:31:01 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| copy

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cfengine.com
fonts.gstatic.com
www.gravatar.com
2a00:1450:4001:803::2003
2a04:fa87:fffe::c000:4902
34.107.174.45
0bad33587d722bf6d2e0859d059015e64461b16aefed89fcec7dafad14e366a1
0dc872fd92124ae8fecc47341628fdbd69df93d81a6acc56f691c814ba0c83b9
0eafea4cdb15232b74a8a9d0592b2eeb9c16bda1341ec1a2cf2b03f116936319
18020f96d6e167816e71da93a1cf3433167af8e6760a46662d1a326c688dd035
2e53d957342099ca3bc11897696552ce83e86dbc93fd6ea6187f8247f07316da
31cc4dd9d81ddd69ddb286ff92fdaeeadb709d69d1b50cef4907bf1fa4c51a0a
4587d7cf2cc3a9e2e54820ba60bb340117dfaa06e86c8f4ff11b7442053b0149
45ce2a888750cffbccffbce130b4118148c4c386fe908d7f1ec5cd609b9cb5af
50744bb66ebd6eb68f0fe98ee5df41e23170794465f25038ded1b1a6227c70a1
65a84564ba9017a8be4233babc7373a042dc4c06967e964c20e7f860c7cb0a80
7c365e5404ed90a407ad27ed58dd0fe273edb610d79f8bb98dafcc83dc7b6132
88545b6ade799edeea6ae6bf9190a33a26df7c132355f5d350ebe3709cf72dd6
8c664beb14208809c24ae0094e3c7e8b525ca9bfc7cc55659edec85f7ebd32e7
93f2c64af5ef3c59027a6d26c0291b351d5f8b34874020291b278e93e48c0fff
9aff3e561bfbea379174623dd2f14cd4f2adc69628da58d66b406edd787fa793
a30f9aa2eb4b3adecba10561eae01f41d5d00ba7cdd37228076d3470f5702b8a
b74c606c045b5dc7809cf0bc09dd2532d8db70499912b7135c6945a6796da968
b7bc787f8b9827f3317617787bd50d77629a1f787577d6ef513ffc5900e77da4
cdbf2562010656663b94125e2727839ff795e21be9178d5e89f41b18ed24fe60
d36ebb4c7f4c63071becb412b29453867d87f65bc05864e6f74a82df8fb9b01e
d41636c0a78ce76fc6d66260c440ee2006a8b42eeb80ccbe91492b166a8d7921
f0e62a3112e681738a50f3a5e0fed1d3428fcd5742553a2d22c77faa59a1db6f
f15d06b44e374a921568aec249dd93cd9cb4d33210a1e8844d606d746afd8c71
f5257246484379bab86d516ff39bc5606d8e6a0b98be6d11aa1e52df309092a6
f6ca66b77c84d553636db16cbf0365bbe937c956a53bcea8aacb90cf3381a873
fdad72235b949f7066cdc618ff253bf9a0009c0d3a9fe7ca292f22dd810feede
fec8f2de86ec962c5bc5f6952da0878a54a1583e43fbb43f520bfcec20adcb6c

cfengine.com Open in urlscan Pro 34.107.174.45 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

27 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

163 kBTransfer

415 kBSize

0 Cookies

19 Outgoing links

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

cfengine.com Open in urlscan Pro
34.107.174.45 Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

163 kB
Transfer

415 kB
Size

0
Cookies

27 HTTP transactions
0 data transactions