www.mandiant.com Open in urlscan Pro
162.159.241.125 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mandiant.com/resources/hunting-deserialization-exploits
Submission: On January 19 via manual (January 19th 2022, 6:05:32 pm UTC) from US — Scanned from US

Summary HTTP 98 Redirects Links 51 Behaviour Indicators

Summary

This website contacted 34 IPs in 2 countries across 31 domains to perform 98 HTTP transactions. The main IP is 162.159.241.125, located in and belongs to CLOUDFLARENET, US. The main domain is www.mandiant.com. The Cisco Umbrella rank of the primary domain is 614007.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 4th 2021. Valid for: a year.

This is the only time www.mandiant.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	162.159.241.125 162.159.241.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.159.246.125 162.159.246.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.18.94 104.16.18.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 9	142.251.32.100 142.251.32.100	15169 (GOOGLE) (GOOGLE)
2	172.67.39.148 172.67.39.148	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.84.42.111 99.84.42.111	16509 (AMAZON-02) (AMAZON-02)
5	142.250.80.8 142.250.80.8	15169 (GOOGLE) (GOOGLE)
9	142.250.65.163 142.250.65.163	15169 (GOOGLE) (GOOGLE)
2	23.10.86.114 23.10.86.114	16625 (AKAMAI-AS) (AKAMAI-AS)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	151.101.248.157 151.101.248.157	54113 (FASTLY) (FASTLY)
1	184.51.146.152 184.51.146.152	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	31.13.71.7 31.13.71.7	32934 (FACEBOOK) (FACEBOOK)
1 4	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	23.217.47.10 23.217.47.10	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.225.230.15 13.225.230.15	16509 (AMAZON-02) (AMAZON-02)
1	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	68.67.181.207 68.67.181.207	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.200.179.101 34.200.179.101	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.65.162 142.250.65.162	15169 (GOOGLE) (GOOGLE)
2 6	142.251.40.166 142.251.40.166	15169 (GOOGLE) (GOOGLE)
5	142.251.40.110 142.251.40.110	15169 (GOOGLE) (GOOGLE)
4 4	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	104.18.101.194 104.18.101.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.84.125.50 99.84.125.50	16509 (AMAZON-02) (AMAZON-02)
2 2	34.232.192.29 34.232.192.29	14618 (AMAZON-AES) (AMAZON-AES)
1 3	13.225.230.34 13.225.230.34	16509 (AMAZON-02) (AMAZON-02)
2 2	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2	142.251.41.2 142.251.41.2	15169 (GOOGLE) (GOOGLE)
1	31.13.71.36 31.13.71.36	32934 (FACEBOOK) (FACEBOOK)
1	40.90.64.8 40.90.64.8	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	20.36.253.92 20.36.253.92	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.123.154 142.250.123.154	15169 (GOOGLE) (GOOGLE)
3	20.75.32.255 20.75.32.255	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
98	34

21 162.159.241.125 (None, )

ASN13335 (CLOUDFLARENET, US)

www.mandiant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.246.125 (None, )

ASN13335 (CLOUDFLARENET, US)

www.fireeye.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.18.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.251.32.100 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.39.148 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.42.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-42-111.ewr52.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.80.8 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.65.163 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.10.86.114 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-10-86-114.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

565-pei-952.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.248.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.51.146.152 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-51-146-152.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 204.79.197.200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.217.47.10 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-47-10.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.230.15 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-230-15.jfk51.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.20 (United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.181.207 (Secaucus, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 554.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.200.179.101 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-179-101.compute-1.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.251.40.166 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f6.1e100.net

11363283.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.40.110 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.107.42.14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.101.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.125.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-125-50.ewr52.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.232.192.29 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-192-29.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.230.34 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-230-34.jfk51.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.41.2 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.90.64.8 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.36.253.92 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.123.154 (United States)

ASN15169 (GOOGLE, US)
PTR: gh-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.75.32.255 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

b.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	mandiant.com www.mandiant.com — Cisco Umbrella Rank: 614007	2 MB
11	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 13 adservice.google.com — Cisco Umbrella Rank: 80	49 KB
9	gstatic.com www.gstatic.com	789 KB
8	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 11363283.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 96	3 KB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 9102 c.6sc.co — Cisco Umbrella Rank: 13654 b.6sc.co — Cisco Umbrella Rank: 6546	14 KB
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1498 c.clarity.ms — Cisco Umbrella Rank: 917 b.clarity.ms — Cisco Umbrella Rank: 3284	24 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	20 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	222 KB
4	company-target.com 1 redirects api.company-target.com — Cisco Umbrella Rank: 3850 segments.company-target.com — Cisco Umbrella Rank: 1306	3 KB
4	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 546 www.linkedin.com — Cisco Umbrella Rank: 647	3 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 385 c.bing.com — Cisco Umbrella Rank: 273	12 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	134 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 738	451 B
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 524	1019 B
2	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 642	539 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 15490	648 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3672	6 KB
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4404	26 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	407 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 404	692 B
1	t.co t.co — Cisco Umbrella Rank: 487	335 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 537	457 B
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 612	322 B
1	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 5648	16 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1098	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 630	6 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 367	13 KB
1	mktoresp.com 565-pei-952.mktoresp.com	311 B
1	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 3544	370 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	5 KB
1	fireeye.com www.fireeye.com — Cisco Umbrella Rank: 250128	1019 B
98	31

	Domain	Requested by
21	www.mandiant.com	www.mandiant.com
9	www.gstatic.com	www.google.com
9	www.google.com	1 redirects www.mandiant.com www.gstatic.com
6	11363283.fls.doubleclick.net	2 redirects www.googletagmanager.com
6	b.6sc.co
5	www.google-analytics.com	www.googletagmanager.com
5	www.googletagmanager.com	www.mandiant.com www.googletagmanager.com
3	b.clarity.ms	www.clarity.ms
3	segments.company-target.com	1 redirects
3	px.ads.linkedin.com	3 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com
3	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	c.clarity.ms	1 redirects
2	adservice.google.com	11363283.fls.doubleclick.net
2	id.rlcdn.com	2 redirects
2	match.prod.bidr.io	2 redirects
2	p.adsymptotic.com	1 redirects
2	epsilon.6sense.com	j.6sc.co
2	munchkin.marketo.net	www.mandiant.com munchkin.marketo.net
2	static.addtoany.com	www.mandiant.com static.addtoany.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	c.bing.com	1 redirects
1	www.clarity.ms	bat.bing.com
1	www.facebook.com
1	api.company-target.com	tag.demandbase.com
1	www.linkedin.com	1 redirects
1	googleads.g.doubleclick.net
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	bam.nr-data.net	js-agent.newrelic.com
1	tag.demandbase.com	www.mandiant.com
1	j.6sc.co	www.mandiant.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	js-agent.newrelic.com	www.mandiant.com
1	565-pei-952.mktoresp.com	munchkin.marketo.net
1	consent.trustarc.com	www.mandiant.com
1	cdnjs.cloudflare.com	www.mandiant.com
1	www.fireeye.com	www.mandiant.com
98	41

This site contains links to these domains. Also see Links.

Domain
investors.mandiant.com
login.mandiant.com
careers.smartrecruiters.com
cve.mitre.org
nvd.nist.gov
oxalis.io
bishopfox.com
foxglovesecurity.com
github.com
www.lunasec.io
medium.com
googleprojectzero.blogspot.com
www.blackhat.com
yara.readthedocs.io
snort.org
mbechler.github.io
app.validation.mandiant.com
swapneildash.medium.com
soroush.secproject.com
research.nccgroup.com
www.slideshare.net
www.youtube.com
deadliestwebattacks.com
community.fireeye.com
partners.fireeye.com
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
mandiant.com Cloudflare Inc ECC CA-3	`2021-11-04` - `2022-11-03`	a year	crt.sh
fireeye.com Cloudflare Inc ECC CA-3	`2021-12-07` - `2022-12-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-29` - `2022-01-27`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-18` - `2022-10-14`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-24` - `2022-03-23`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-03-24` - `2022-03-23`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.6sense.com Amazon	`2021-06-09` - `2022-07-08`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-20` - `2022-09-26`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2021-06-01` - `2022-06-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.mandiant.com/resources/hunting-deserialization-exploits
Frame ID: 1AF644138CF3BEBF37CF87E805EDDE32
Requests: 78 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: 9DDAF0D4B8735A27019F605773371B26
Requests: 1 HTTP requests in this frame

Frame: https://11363283.fls.doubleclick.net/activityi;dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits
Frame ID: 806832C0BA19A985D732DD68D26D3A8B
Requests: 2 HTTP requests in this frame

Frame: https://11363283.fls.doubleclick.net/activityi;dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits
Frame ID: 6247E9CD6351CD744CB8FB376E75A1A7
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=n1p7env6g3ab
Frame ID: 0AE2ED5E2C09674AEA9A1EBB5A48F936
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=compact&cb=t9l2prmykha
Frame ID: 66A8E53E913297620A54D844A6DB26FD
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq
Frame ID: 21F4D68ECD542835578DD57122399CD0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq
Frame ID: D1ABBB6E8F0D828BD3BA831E40991D9F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits | Mandiant

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+recaptcha
<div[^>]+class="g-recaptcha"
/recaptcha/api\.js

Page Statistics

98
Requests

95 %
HTTPS

0 %
IPv6

31
Domains

41
Subdomains

34
IPs

2
Countries

3155 kB
Transfer

5971 kB
Size

45
Cookies

51 Outgoing links

These are links going to different origins than the main page.

URL: https://investors.mandiant.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://login.mandiant.com/
Title: .userlayer-1{fill:none;stroke-miterlimit:10;stroke-width:15px}

Search URL Search Domain Scan URL

URL: https://careers.smartrecruiters.com/mandiant/all/
Title: Careers

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42321
Title: CVE-2021-42321

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-10189
Title: CVE-2020-10189

Search URL Search Domain Scan URL

URL: https://oxalis.io/atlassian-jira-data-centers-critical-vulnerability-what-you-need-to-know/
Title: CVE-2020-36239

Search URL Search Domain Scan URL

URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Title: CVE-2019-18935

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-9299
Title: CVE-2016-9299

Search URL Search Domain Scan URL

URL: https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Title: more

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/blob/main/heyserial.py
Title: HeySerial.py

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/blob/main/utils/checkyoself.py
Title: CheckYoself.py

Search URL Search Domain Scan URL

URL: https://www.lunasec.io/docs/blog/log4j-zero-day/
Title: CVE-2021-44228

Search URL Search Domain Scan URL

URL: https://medium.com/@frycos/yet-another-net-deserialization-35f6ce048df7
Title: CVE-2019-18211

Search URL Search Domain Scan URL

URL: https://googleprojectzero.blogspot.com/2017/04/exploiting-net-managed-dcom.html
Title: Google Project Zero

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities-wp.pdf
Title: Java Messaging Service

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
Title: Java Naming and Directory Interface

Search URL Search Domain Scan URL

URL: https://github.com/pwntester/ysoserial.net#usage
Title: formatters such as

Search URL Search Domain Scan URL

URL: https://github.com/frohoff/ysoserial
Title: https://github.com/frohoff/ysoserial

Search URL Search Domain Scan URL

URL: https://github.com/wh1t3p1g/ysoserial
Title: https://github.com/wh1t3p1g/ysoserial

Search URL Search Domain Scan URL

URL: https://github.com/pwntester/ysoserial.net
Title: https://github.com/pwntester/ysoserial.net

Search URL Search Domain Scan URL

URL: https://github.com/pwntester/ysoserial.net/tree/v2
Title: https://github.com/pwntester/ysoserial.net/tree/v2

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/blob/main/DEVELOPERS.md
Title: Developer Guide.

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/blob/main/utils/generate_payloads.sh
Title: generate_payloads.sh

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/blob/main/utils/generate_payloads.ps1
Title: generate_payloads.ps1

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/tree/main/payloads
Title: generated payloads

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/blob/main/utils/server.py
Title: server.py

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/tree/main/pcaps
Title: PCAPs

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/tree/main/rules/javaobj
Title: rules

Search URL Search Domain Scan URL

URL: https://yara.readthedocs.io/en/stable/gettingstarted.html
Title: YARA installed

Search URL Search Domain Scan URL

URL: https://snort.org/#get-started
Title: local installation of Snort

Search URL Search Domain Scan URL

URL: https://github.com/0xacb/viewgen
Title: public tools

Search URL Search Domain Scan URL

URL: https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/
Title: JNDI code injection

Search URL Search Domain Scan URL

URL: https://github.com/veracode-research/rogue-jndi
Title: serialized Java classes

Search URL Search Domain Scan URL

URL: https://app.validation.mandiant.com/
Title: Mandiant Security Validation

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/heyserial/tree/main/payloads/javaobj
Title: YSoSerial Java payloads

Search URL Search Domain Scan URL

URL: https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
Title: Deserialization-Cheat-Sheet

Search URL Search Domain Scan URL

URL: https://swapneildash.medium.com/deep-dive-into-net-viewstate-deserialization-and-its-exploitation-54bf5b788817
Title: Deep Dive into .NET ViewState deserialization and its exploitation

Search URL Search Domain Scan URL

URL: https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/
Title: Exploiting Deserialization in ASP.NET via ViewState

Search URL Search Domain Scan URL

URL: https://research.nccgroup.com/wp-content/uploads/2020/07/whitepaper-new.pdf
Title: Use of Deserialization in .NET Framework Methods and Classes

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
Title: Friday the 13th, JSON Attacks

Search URL Search Domain Scan URL

URL: https://github.com/frohoff/marshalsec/blob/master/marshalsec.pdf
Title: Java Unmarshaller Security

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/frohoff1/deserialize-my-shorts-or-how-i-learned-to-start-worrying-and-hate-java-object-deserialization
Title: Deserialize My Shorts

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=KSA7vUkXGSg
Title: Marshalling Pickles

Search URL Search Domain Scan URL

URL: https://github.com/VulnerableGhost/.Net-Sterilized--Deserialization-Exploitation/blob/master/BH_US_12_Forshaw_Are_You_My_Type_WP.pdf
Title: Are you my Type? Breaking .NET Through Serialization

Search URL Search Domain Scan URL

URL: https://deadliestwebattacks.com/2011/05/13/a-spirited-peek-into-viewstate-part-i/
Title: A Spirited Peek into ViewState

Search URL Search Domain Scan URL

URL: https://community.fireeye.com/
Title: Community

Search URL Search Domain Scan URL

URL: https://partners.fireeye.com/English/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Mandiant

Search URL Search Domain Scan URL

URL: https://twitter.com/Mandiant

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCexu0DP7VKdDByusuTA53FQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mandiant/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://www.google.com/pagead/landing?gcs=G111&gcd=G111&rnd=986506476.1642615527&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&gtm=2wg1c0T72STLD&auid=774784811.1642615527 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=986506476.1642615527&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&gtm=2wg1c0T72STLD&auid=774784811.1642615527

Request Chain 51

https://11363283.fls.doubleclick.net/activityi;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits HTTP 302
https://11363283.fls.doubleclick.net/activityi;dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits

Request Chain 52

https://11363283.fls.doubleclick.net/activityi;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits HTTP 302
https://11363283.fls.doubleclick.net/activityi;dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits

Request Chain 59

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1642615526630&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1642615526630&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3460746%26time%3D1642615526630%26url%3Dhttps%253A%252F%252Fwww.mandiant.com%252Fresources%252Fhunting-deserialization-exploits%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1642615526630&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&cookiesTest=true&liSync=true HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6445a2da-7cd2-4238-96d9-7e5a7c122219 HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6445a2da-7cd2-4238-96d9-7e5a7c122219&_expected_cookie=44aca05b70bbda8abfa23312d822d8d0

Request Chain 63

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AABYGE7D0KYAAEEMeJWkzQ

Request Chain 64

https://id.rlcdn.com/464526.gif HTTP 307
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCOaloY8GEgUI6AcQAEIASgA HTTP 307
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297_ElFyF3SDGbOpIxoGvC8WMfxt5lrH3oG6o7SECzdzTM HTTP 303
https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc1297_ElFyF3SDGbOpIxoGvC8WMfxt5lrH3oG6o7SECzdzTM&verifyHash=c10c42b9f93ae0638d4012eb6a434abaedd60323

Request Chain 71

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=520C7262668A49FE9D85A432559EE1AD&RedC=c.clarity.ms&MXFR=172716F5B9866FF407E907C4BD8661E9 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=520C7262668A49FE9D85A432559EE1AD&MUID=3155483E505C671E3514590F517566F1

98 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hunting-deserialization-exploits Show response
www.mandiant.com/resources/ 108 KB
30 KB 422ms
96ms Document
text/html 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89eb112ae49036ce338e1ca36823362e6708e4145d41e7f0c0eb1a3a8f70dafb

Security Headers

Name	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-type: text/html; charset=UTF-8
content-length: 29788
cache-control: max-age=2764800, public
link: <https://www.mandiant.com/resources/hunting-deserialization-exploits>; rel="canonical" <https://www.mandiant.com/resources/hunting-deserialization-exploits>; rel="alternate"; hreflang="en" <https://www.mandiant.com/resources/hunting-deserialization-exploits>; rel="revision"
x-ua-compatible: IE=edge
content-language: en
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Tue, 18 Jan 2022 20:42:19 GMT
etag: "1642538539"
vary: Cookie,Accept-Encoding
content-security-policy: report-uri /report-csp-violation
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin
expect-ct: max-age=86400
content-encoding: gzip
x-request-id: v-21762b14-789f-11ec-9a7b-d33bf2fcaeee
x-ah-environment: prod
age: 76984
via: varnish
x-cache: HIT
x-cache-hits: 211
accept-ranges: bytes
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6d01fdb63d83198e-EWR

GET
H2 200 google_tag.script.js Show response
www.mandiant.com/sites/default/files/google_tag/google_tag_manager/ 348 B
423 B 35ms
34ms Script
application/javascript 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/google_tag/google_tag_manager/google_tag.script.js?r5x8rv

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b7eb2b28fbf8ad29058540ee28e8b49701e0e47351ff25d3b688fcef9b2a88a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 79657
x-cache: HIT
x-cache-hits: 4
x-ah-environment: prod
content-length: 280
x-request-id: v-e3bba3b8-7898-11ec-9651-276bc41f6b6e
last-modified: Tue, 18 Jan 2022 19:57:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb70f5f198e-EWR
expires: Wed, 02 Feb 2022 18:05:24 GMT

GET
H2 200 css_dr9MkevBlKEVP4WdWq5DKF0dExX9VmFfDaSQAD7hsg8.css
www.mandiant.com/sites/default/files/css/ 10 KB
3 KB 36ms
34ms Stylesheet
text/css 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_dr9MkevBlKEVP4WdWq5DKF0dExX9VmFfDaSQAD7hsg8.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76bf4c91ebc194a1153f859d5aae43285d1d1315fd56615f0da490003ee1b20f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 161168
x-cache: HIT
x-cache-hits: 57
x-ah-environment: prod
content-length: 2585
x-request-id: v-cba5de18-74a8-11ec-be43-dfdab1f46713
last-modified: Wed, 05 Jan 2022 21:32:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb70f63198e-EWR
expires: Wed, 02 Feb 2022 18:05:24 GMT

GET
H2 200 clientlibs_recaptcha.min.css
www.fireeye.com/etc/designs/fireeye-www/ 649 B
1019 B 376ms
46ms Stylesheet
text/css 162.159.246.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_recaptcha.min.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.246.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee33831b0f69f4fd2300024df8f2488a4a7a4093cfcc5e28062e128308478f9

Security Headers

Name	Value
Content-Security-Policy	worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://content.fireeye.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-dispatcher: dispatcher1uswest1
date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 468
x-vhost: publish
vary: Accept-Encoding,User-Agent
content-length: 373
x-xss-protection: 1; mode=block
last-modified: Wed, 19 Jan 2022 05:17:41 GMT
server: cloudflare
x-frame-options: ALLOW-FROM https://content.fireeye.com
etag: "289-5d5e88140d964-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: public, max-age=14400
content-security-policy: worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
accept-ranges: bytes
cf-ray: 6d01fdb91dff8c54-EWR
expires: Wed, 19 Jan 2022 22:05:25 GMT

GET
H2 200 css_3X6AxfM5DxgQzmwm-Sb7icFieRYVVJx6f5ZNTFES4NA.css
www.mandiant.com/sites/default/files/css/ 1 KB
410 B 23ms
22ms Stylesheet
text/css 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_3X6AxfM5DxgQzmwm-Sb7icFieRYVVJx6f5ZNTFES4NA.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd7e80c5f3390f1810ce6c26f926fb89c162791615549c7a7f964d4c5112e0d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20658
x-cache: HIT
x-cache-hits: 60
x-ah-environment: prod
content-length: 280
x-request-id: v-81c59778-6933-11ec-b5f1-8b2b0b036400
last-modified: Wed, 22 Dec 2021 22:35:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb70f68198e-EWR
expires: Wed, 02 Feb 2022 18:05:24 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/ 23 KB
5 KB 327ms
12ms Stylesheet
text/css 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 604434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4364
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-5cbb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8AjnJlQmG8wEXM553yeX%2By7Rk9c%2BRVGBUaElns9GJGF8PN0W410pS9cZOOJt2lGactdVO59JvGeJnkgbUhpxiAPfgmVMoKqpr%2BKH4EpvfzXnl2g8LhjqCbcrizmM2rKyVjPQq8Ek"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d01fdb8fbd63354-EWR
expires: Mon, 09 Jan 2023 18:05:25 GMT

GET
H2 200 css_JuaZYhYzTuce8L3JZ6j0GyZOs2h_5fEgIt5Rk2gSDFk.css
www.mandiant.com/sites/default/files/css/ 143 KB
21 KB 22ms
21ms Stylesheet
text/css 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_JuaZYhYzTuce8L3JZ6j0GyZOs2h_5fEgIt5Rk2gSDFk.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26e6996216334ee71ef0bdc967a8f41b264eb3687fe5f12022de519368120c59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510937
x-cache: HIT
x-cache-hits: 17
x-ah-environment: prod
content-length: 21680
x-request-id: v-ed88255c-74aa-11ec-abd9-97b5ff5c950a
last-modified: Thu, 13 Jan 2022 19:30:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb70f6a198e-EWR
expires: Wed, 02 Feb 2022 18:05:24 GMT

GET
H2 200 css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
www.mandiant.com/sites/default/files/css/ 208 KB
26 KB 24ms
23ms Stylesheet
text/css 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b5f56ebdd16010daac79026e0aec23a4b6c71691ce114a07faa9bf4cb4df7e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 512915
x-cache: HIT
x-cache-hits: 32
x-ah-environment: prod
content-length: 26357
x-request-id: v-5d54cbfa-74a7-11ec-96b4-9781713d3efb
last-modified: Thu, 13 Jan 2022 19:30:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb70f6d198e-EWR
expires: Wed, 02 Feb 2022 18:05:24 GMT

GET
H2 200 js_OBliw_L7ClI2lQt0hiZ8tqDu-aD-b_roJ-E1kSnqqgw.js Show response
www.mandiant.com/sites/default/files/js/ 101 KB
34 KB 32ms
31ms Script
text/javascript 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/js/js_OBliw_L7ClI2lQt0hiZ8tqDu-aD-b_roJ-E1kSnqqgw.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

381962c3f2fb0a5236950b7486267cb6a0eef9a0fe6ffae827e1359129eaaa0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 509876
x-cache: HIT
x-cache-hits: 33
x-ah-environment: prod
content-length: 34989
x-request-id: v-bccbd842-6473-11ec-9146-5392712dcb40
last-modified: Wed, 22 Dec 2021 22:36:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb70f7f198e-EWR
expires: Wed, 02 Feb 2022 18:05:24 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 910 B
994 B 347ms
25ms Script
text/javascript 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

GSE /

Resource Hash

9ca4ce05a9eeb9d9183e71055a57e6759763581b4a9b0e0b801f3cb4114bbb77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 581
x-xss-protection: 1; mode=block
expires: Wed, 19 Jan 2022 18:05:25 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 72 KB
26 KB 351ms
25ms Script
application/javascript 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 125395
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 08:23:25 GMT
server: cloudflare
etag: W/"11ee2-5d2116348919c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6d01fdbb6b008c9b-EWR
cf-bgj: minify

GET
H2 200 js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js Show response
www.mandiant.com/sites/default/files/js/ 174 KB
55 KB 28ms
28ms Script
text/javascript 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/sites/default/files/js/js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c9ab3e7109f42ef98afbad438ec60278ecafc571622d8b190a35c733dbcc0f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510937
x-cache: HIT
x-cache-hits: 33
x-ah-environment: prod
content-length: 56326
x-request-id: v-3d72a26e-642e-11ec-8450-537774e6682e
last-modified: Wed, 22 Dec 2021 22:35:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb70f81198e-EWR
expires: Wed, 02 Feb 2022 18:05:24 GMT

GET
H2 200 eb5srz Show response
consent.trustarc.com/v2/notice/ 90 B
370 B 26ms
4ms Script
text/javascript 99.84.42.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.trustarc.com/v2/notice/eb5srz
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.42.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-42-111.ewr52.r.cloudfront.net
Software: openresty/1.15.8.2 /
Resource Hash: 83b34f175a9850d098edfacb50c3bb97a22975fa0d18570d11fc076676a87781

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:48:13 GMT
via: 1.1 f0ab8d467f15305a984bbb6e71d77f06.cloudfront.net (CloudFront)
server: openresty/1.15.8.2
age: 1032
vary: Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=ISO-8859-1
x-amz-cf-pop: EWR52-C4
content-length: 90
x-amz-cf-id: 8J1BZu-4jL79-H8KMGD9mJr-rQ15xHpTzvYGQDBDwxyy1uu5J8TWew==

GET
H2 200 fontloader.built.js Show response
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/ 7 KB
2 KB 44ms
44ms Script
application/javascript 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/fontloader.built.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88cb9efe9226cab0669f7f6cdf082ec49a48a58f6411b69864b6f952928b979a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510937
x-cache: HIT
x-cache-hits: 16
x-ah-environment: prod
content-length: 2315
x-request-id: v-11b1f5c2-693c-11ec-87ca-8bf24e33784f
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb96cde198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 arrow-red.svg
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/ 234 B
345 B 32ms
31ms Image
image/svg+xml 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/arrow-red.svg

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0eab324aea216ff6432155a5cdbd59b7c1429f7d27be852f9dd037c7ade0377c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510937
x-cache: HIT
x-cache-hits: 30
x-ah-environment: prod
content-encoding: gzip
x-request-id: v-2244b5c4-5dc9-11ec-b056-1bc346601bc1
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=1209600
cf-ray: 6d01fdb97d10198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 gray-circle.png
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/backgrounds/ 9 KB
9 KB 20ms
20ms Image
image/png 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/images/backgrounds/gray-circle.png

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfbbb6a8bb9482b6bddbba133d70d9ac28fea886ede20ecdaf3110d5c70dba6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 507457
x-cache: HIT
x-cache-hits: 21
x-ah-environment: prod
content-length: 8943
x-request-id: v-21e43aa0-5dc9-11ec-b1cf-971b03193ca0
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb97d13198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 Barlow-Bold.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 56 KB
56 KB 18ms
18ms Font
text/plain 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-Bold.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ec192b1be13b5eb7d11e7c8a0f1466ef236e4ba88182bb4cec76a2c7919464e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
Origin: https://www.mandiant.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510937
x-cache: HIT
x-cache-hits: 57
x-ah-environment: prod
content-length: 57572
x-request-id: v-ecbe27a8-5d52-11ec-9592-0b5ed00586a7
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb98d33198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 deserialization1.png
www.mandiant.com/sites/default/files/inline-images/ 829 KB
830 KB 45ms
44ms Image
image/png 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mandiant.com/sites/default/files/inline-images/deserialization1.png

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90bd638b64a7fcd93dfbbf957101258b10a45356e25425e6e1fb04f868339a4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156370
x-cache: HIT
x-cache-hits: 50
x-ah-environment: prod
content-length: 848659
x-request-id: v-82ff6c02-74bb-11ec-94df-07f29788bc89
last-modified: Wed, 08 Dec 2021 18:25:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb9fe59198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 deserialization2.png
www.mandiant.com/sites/default/files/inline-images/ 441 KB
442 KB 31ms
30ms Image
image/png 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mandiant.com/sites/default/files/inline-images/deserialization2.png

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e9abb2e9cdcdedebb079ffd753146eaf162ad7d2a7928e04f01bf2d15c69da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1624
x-cache: HIT
x-cache-hits: 19
x-ah-environment: prod
content-length: 451634
x-request-id: v-6e126384-78bd-11ec-9f7a-dbd673e4d51d
last-modified: Wed, 08 Dec 2021 18:25:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdb9fe5b198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 974.bundle.js Show response
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/ 7 KB
2 KB 29ms
26ms Script
application/javascript 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/974.bundle.js?36372e

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/js/js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07ed649e749e9698e805596809e2ede372229183ddb6b38fc96f696cff02f085

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 24357
x-cache: HIT
x-cache-hits: 4
x-ah-environment: prod
content-length: 2308
x-request-id: v-e462373a-6de1-11ec-b116-4b1353735cc2
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdba4f22198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 404.bundle.js Show response
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/ 406 B
372 B 25ms
22ms Script
application/javascript 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/scripts/404.bundle.js?2c5f80

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/js/js_DJqz5xCfQu-Yr7rUOOxgJ47K_FcWItixkKNccz28wPY.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2cb383a30bee467e40ecebb49e4229b1b57efcc2c7632c921cd170a75c74d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510991
x-cache: HIT
x-cache-hits: 17
x-ah-environment: prod
content-length: 263
x-request-id: v-973e4196-69aa-11ec-8951-83fe9308bc8a
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
via: varnish
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdba4f28198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 328 KB
89 KB 364ms
47ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/google_tag/google_tag_manager/google_tag.script.js?r5x8rv

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

9b6ab0f2d7d85d5283a684fbcdfcbd2e51698ded09fbc0396b34285a846133db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90151
x-xss-protection: 0
expires: Wed, 19 Jan 2022 18:05:25 GMT

GET
H2 200 Barlow-Regular.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 55 KB
55 KB 54ms
53ms Font
text/plain 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-Regular.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f269cafacd48c650b7c76973b7192a4593125d9b957bfa3b57a89e835ec0df1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
Origin: https://www.mandiant.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 70137
x-cache: HIT
x-cache-hits: 1
x-ah-environment: prod
content-length: 56020
x-request-id: v-c2550168-789a-11ec-be21-774b91698a3e
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdbaa818198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 PTMono-Regular.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/mono/ 71 KB
71 KB 67ms
67ms Font
text/plain 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/mono/PTMono-Regular.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfaed587b938cc953c5008f257ed1e661e9d2e2f907bd5b520fc4b9348985a88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
Origin: https://www.mandiant.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510936
x-cache: HIT
x-cache-hits: 79
x-ah-environment: prod
content-length: 72380
x-request-id: v-42ce6238-644d-11ec-964a-3b0a7097d3b4
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdbaa819198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 Barlow-Medium.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 55 KB
55 KB 21ms
20ms Font
text/plain 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-Medium.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe3bfdac05de97234a1a81c7f09c87f14708cf7bd9a341a63e68613c3c6e40d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
Origin: https://www.mandiant.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 22232
x-cache: HIT
x-cache-hits: 121
x-ah-environment: prod
content-length: 55968
x-request-id: v-92c1724a-686b-11ec-85cb-d7356695a104
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdbb295e198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 Barlow-SemiBold.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 56 KB
57 KB 24ms
24ms Font
text/plain 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-SemiBold.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bb508d41bf1d0c5d56340c7df789b6589350a5f967e1fa937bee5c148d0cb0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
Origin: https://www.mandiant.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510936
x-cache: HIT
x-cache-hits: 35
x-ah-environment: prod
content-length: 57764
x-request-id: v-4be6ebe4-5d43-11ec-9a0c-6f4f68d68ea9
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdbb2972198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 Barlow-MediumItalic.woff2
www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/ 59 KB
59 KB 25ms
24ms Font
text/plain 162.159.241.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mandiant.com/themes/custom/mandiant_theme/gnorm/build/fonts/barlow/Barlow-MediumItalic.woff2

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

162.159.241.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34e89fde702aa592d82afbb8d98034150cb3a2e6bd67a922af1edd106cf87fe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/sites/default/files/css/css_W19W690WAQ2qx5Am4K7COktscWkc4RSgf6qb9MtN9-c.css
Origin: https://www.mandiant.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
via: varnish
x-content-type-options: nosniff
cf-cache-status: HIT
age: 510542
x-cache: HIT
x-cache-hits: 35
x-ah-environment: prod
content-length: 60612
x-request-id: v-b6c5e030-5d63-11ec-be63-7be6a0514643
last-modified: Mon, 13 Dec 2021 00:12:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 6d01fdbb297c198e-EWR
expires: Wed, 02 Feb 2022 18:05:25 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ 351 KB
139 KB 324ms
4ms Script
text/javascript 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mandiant.com/
Origin: https://www.mandiant.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46360
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H2 200 sm.23.html Show response
static.addtoany.com/menu/ Frame 9DDA 741 B
554 B 26ms
25ms Document
text/html 172.67.39.148
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.39.148 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-type: text/html; charset=utf-8
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
etag: W/"2e5-5cc9e128a4c38"
cache-control: max-age=315360000, immutable
vary: Accept-Encoding
via: e4s
cf-cache-status: HIT
age: 2371809
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6d01fdbc9e258c9b-EWR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 165 KB
61 KB 30ms
29ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6642ZTDJ7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3e209d33f946ce05466bf7ca7fe5bd746225b66c8f908a11c48f462667d55ea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62557
x-xss-protection: 0
expires: Wed, 19 Jan 2022 18:05:25 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
36 KB 22ms
21ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10870294

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4c0f4aadc6e2937678993e6af1963ad6fab4853f3d9f0a59ded2aff9d626bda2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36316
x-xss-protection: 0
expires: Wed, 19 Jan 2022 18:05:25 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 61ms
8ms Script
application/x-javascript 23.10.86.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.10.86.114 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-10-86-114.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:25 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
36 KB 38ms
37ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11363283&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e9449a6dfd1bd67439005512d7ad7652d88a43343403224d9e5d0e8a17195e60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36271
x-xss-protection: 0
expires: Wed, 19 Jan 2022 18:05:25 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 7ms
6ms Script
application/x-javascript 23.10.86.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.10.86.114 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-10-86-114.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Fri, 29 Apr 2022 18:05:25 GMT

POST
H/1.1 200
OK visitWebPage
565-pei-952.mktoresp.com/webevents/ 2 B
311 B 81ms
26ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://565-pei-952.mktoresp.com/webevents/visitWebPage?_mchNc=1642615525988&_mchCn=&_mchId=565-PEI-952&_mchTk=_mch-mandiant.com-1642615525987-45063&_mchHo=www.mandiant.com&_mchPo=&_mchRu=%2Fresources%2Fhunting-deserialization-exploits&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.mandiant.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 19 Jan 2022 18:05:26 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: addc66f9-bb6a-4b32-9bfe-6772bbe40d2d

GET
H2 200 v1.js Show response
www.googletagmanager.com/dclk/ns/ 2 KB
2 KB 4ms
4ms Script
text/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/dclk/ns/v1.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10870294

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

sffe /

Resource Hash

03bef1eeac54d221d1da744095e12a9caae78fb47a16f0d9a7598fa83cd79fcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 00:36:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 322166
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1094
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
vary: Accept-Encoding
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
content-type: text/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sun, 23 Jan 2022 00:36:00 GMT

GET
H2 200 nr-1212.min.js Show response
js-agent.newrelic.com/ 34 KB
13 KB 13ms
3ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1212.min.js
Requested by: Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding: gzip
etag: "9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id: R7RFJZ3PB2HQM5V8
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 12828
x-amz-id-2: fjm7sPRVNJVRLI7/nV5M8+DpFR4k7oPEYfZRdmtTEFeMiKw7+8tmliMYPVwl5MZU65QlQGoGBIs=
x-served-by: cache-lga21931-LGA
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1642615526.223940,VS0,VE0
date: Wed, 19 Jan 2022 18:05:26 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 7799

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 46ms
9ms Script
application/javascript 151.101.248.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.248.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:26 GMT
content-encoding: gzip
last-modified: Wed, 22 Sep 2021 00:02:22 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200075-IAD, cache-bwi5040-BWI

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 334ms
4ms Script
application/x-javascript 184.51.146.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.51.146.152 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-51-146-152.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency: 310
Date: Wed, 19 Jan 2022 18:05:26 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
X-EdgeConnect-MidMile-RTT: 1
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=46322
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 317ms
3ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

16c13044cedc5c7482ad7db51913c164ffabc787ec5b6b0246acfec84cd6d01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26187
x-xss-protection: 0
pragma: public
x-fb-debug: /+tLG1LpWxJjOGZWbivPEwmTndWMCp3QfTtRD3w2+1czW7NQ6tun9ff5ZszZ01k9G6fq9P+pZDd5dwzyyeQB2w==
x-fb-trip-id: 1512268381
x-frame-options: DENY
date: Wed, 19 Jan 2022 18:05:26 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 36 KB
11 KB 333ms
16ms Script
application/javascript 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
last-modified: Fri, 03 Dec 2021 01:53:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E49D99A25AF74DB98B461145FEEDD7B6 Ref B: EWR30EDGE0207 Ref C: 2022-01-19T18:05:26Z
etag: "0cb09ee8e7d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 10468

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 40ms
4ms Script
application/javascript 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-47-10.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:26 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Jan 2022 18:05:26 GMT

GET
H2 200 41dad6d0.min.js Show response
tag.demandbase.com/ 58 KB
16 KB 387ms
8ms Script
application/javascript 13.225.230.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/41dad6d0.min.js

Requested by

Host: www.mandiant.com
URL: https://www.mandiant.com/resources/hunting-deserialization-exploits

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.230.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-230-15.jfk51.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9ba17fa97dfcf22b549ac3362f681c82a8c654a5a9a63f8e4a6a071c8f049c17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:27:57 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 2250
x-cache: Hit from cloudfront
last-modified: Tue, 08 Dec 2020 23:32:23 GMT
server: AmazonS3
etag: W/"82ec0243a7aeb004541846030cd1d2af"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-version-id: rpFyfLwiczshLWFNIjONrYD9WBIwMbpV
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop: JFK51-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: kxXmBT7XKOO5t8I17EcAKJdvkXKl93F7SLARunAxbMQyVv4NBXz4ZA==

GET
H/1.1 200
OK NRJS-890ead692fb1e944fb6 Show response
bam.nr-data.net/1/ 57 B
322 B 99ms
24ms Script
text/javascript 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-890ead692fb1e944fb6?a=1404479750&v=1212.e95d35c&to=YlRVYERZV0ZSWhINX1sedldCUVZbHH0UEUBUXWtaWVxcaXBWCBBCWl1bUURkd1pXXDANVUJyWFpCSlZZX1wUSQ5DWFJD&rst=1750&ck=1&ref=https://www.mandiant.com/resources/hunting-deserialization-exploits&ap=530&be=453&fe=1702&dc=970&perf=%7B%22timing%22:%7B%22of%22:1642615524509,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:13,%22c%22:314,%22s%22:317,%22ce%22:327,%22rq%22:327,%22rp%22:423,%22rpe%22:425,%22dl%22:428,%22di%22:969,%22ds%22:970,%22de%22:988,%22dc%22:1701,%22l%22:1701,%22le%22:1710%7D,%22navigation%22:%7B%7D%7D&fp=946&fcp=946&at=ThNWFgxDREg%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/javascript;charset=iso-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
457 B 107ms
36ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o5b0k&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=5660ab9f-a6e7-46e6-80dc-b3f6c8e2bf62&tw_document_href=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
server: tsa_b
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 53dd84e110be207f17186e53ee1d3935f49c17b8479acf9319bde8ac5400722d
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
335 B 97ms
35ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o5b0k&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=5660ab9f-a6e7-46e6-80dc-b3f6c8e2bf62&tw_document_href=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 19 Jan 2022 18:05:25 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: c9b17da4810c0a5e5f51e2733bed6154f536dbac7e6f054ffca1e3e1eba911b2
content-length: 43

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
692 B 57ms
47ms XHR
application/json 68.67.181.207
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.181.207 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

554.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 Jan 2022 18:05:26 GMT
X-Proxy-Origin: 37.120.138.195; 37.120.138.195; 554.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: 00c21c6d-c721-4fe6-8d8c-d40922ba13d8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.mandiant.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
372 B 68ms
4ms XHR
text/plain 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-217-47-10.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8200a9267a1b2dd41b67ce978032fb13c95ecd391600cb7e2e236f96383ae564

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:26 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.mandiant.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 45ms
24ms Image
image/gif 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=null&session=4171d3a5-0dc6-4842-822d-554191dfe11b&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A26%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&pageViewId=9264f0ca-169f-4a9b-8c47-7a2595477bd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-47-10.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:26 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 50ms
11ms Preflight 34.200.179.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.179.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-179-101.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,epsiloncookie
Origin: https://www.mandiant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 19 Jan 2022 18:05:26 GMT
server: nginx
access-control-allow-origin: https://www.mandiant.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET
access-control-allow-headers: authorization,epsiloncookie

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 786 B
648 B 43ms
19ms XHR
application/json 34.200.179.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.179.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-179-101.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 14dd2c4aaca337d9bb05d439562904a183f2085bafd40e9ff99c8803e4f93a2c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Referer: https://www.mandiant.com/
Accept-Language: en-US,en;q=0.9
Authorization: Token 325d6d60e24c7cfc3a782839d85ce08c8d3bb27c
EpsilonCookie: 2ec8d91700080000e652e86119010000aef60200

Response headers

date: Wed, 19 Jan 2022 18:05:26 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.mandiant.com
access-control-allow-credentials: true
content-length: 462

GET
H2

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=G111&rnd=986506476.1642615527&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&gtm=2wg1c0T72STLD&auid=774784811.1...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=986506476.1642615527&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&gtm=2wg1c0T72STLD&aui...

42 B
681 B

336ms
18ms

Ping
image/gif

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=986506476.1642615527&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&gtm=2wg1c0T72STLD&auid=774784811.1642615527

Protocol

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G111&rnd=986506476.1642615527&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&gtm=2wg1c0T72STLD&auid=774784811.1642615527
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

activityi;dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.ma... Show response
11363283.fls.doubleclick.net/ Frame 8068
Redirect Chain

https://11363283.fls.doubleclick.net/activityi;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww...
https://11363283.fls.doubleclick.net/activityi;dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudien...

471 B
725 B

40ms
39ms

Document
text/html

142.251.40.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11363283.fls.doubleclick.net/activityi;dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f6.1e100.net

Software

cafe /

Resource Hash

ab007a7e19fbdc78b55cdb827fab406612e79656b6ae9cc7fdc863e63dbbd619

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jan 2022 18:05:26 GMT
expires: Wed, 19 Jan 2022 18:05:26 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 385
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jan 2022 18:05:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://11363283.fls.doubleclick.net/activityi;dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

activityi;dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.ma... Show response
11363283.fls.doubleclick.net/ Frame 6247
Redirect Chain

https://11363283.fls.doubleclick.net/activityi;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww...
https://11363283.fls.doubleclick.net/activityi;dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudien...

471 B
683 B

43ms
43ms

Document
text/html

142.251.40.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11363283.fls.doubleclick.net/activityi;dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-11363283&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f6.1e100.net

Software

cafe /

Resource Hash

5bcbb06a20e06d0ba57982a791b549e7d6405b70c5c798a3e9a3cff56d537a32

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jan 2022 18:05:26 GMT
expires: Wed, 19 Jan 2022 18:05:26 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 384
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jan 2022 18:05:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://11363283.fls.doubleclick.net/activityi;dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 activityi;register_conversion=1;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2...
11363283.fls.doubleclick.net/ 0
0 60ms
22ms Image
text/html 142.251.40.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://11363283.fls.doubleclick.net/activityi;register_conversion=1;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.40.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s81-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 activityi;register_conversion=1;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2...
11363283.fls.doubleclick.net/ 0
0 59ms
22ms Image
text/html 142.251.40.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://11363283.fls.doubleclick.net/activityi;register_conversion=1;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.40.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s81-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 323ms
5ms Script
text/javascript 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T72STLD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5067
date: Wed, 19 Jan 2022 16:40:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 19 Jan 2022 18:40:59 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
172 B 300ms
18ms Ping
text/plain 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-X6642ZTDJ7&gtm=2oe1c0&_p=1341633542&sr=1600x1200&gcs=G111&ul=en-us&cid=40252334.1642615527&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&dt=Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant&sid=1642615525&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6642ZTDJ7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.40.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s79-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mandiant.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mandiant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
21 KB 4ms
3ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.49

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 20661
x-xss-protection: 0
pragma: public
x-fb-debug: h4UOJT89a0FfV4m3WhAmA47rVmlt1yBQ1SL4uSdLWVWgvV1h0KzA2kDx6cc7ZNdaYVi7cLxi6Rqi6+7dq7vCZQ==
x-fb-trip-id: 1512268381
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 19 Jan 2022 18:05:26 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 880805232811859 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 41ms
41ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/880805232811859?v=2.9.49&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

2e43f7a38d8201edd50651f72b8fc36098232f5cb753d4062fd925746615f5c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: yFpKfPqZ1/s1+tIzYmHQtIZwVUas2VgnIZEJM0qehu5IvTs5LCRzfqhlWqYMS9Kf93KD37biZJiHKO5FXjw6kA==
x-fb-trip-id: 1512268381
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 19 Jan 2022 18:05:26 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1642615526630&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1642615526630&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3460746%26time%3D1642615526630%26url%3Dhttps%253A%252F%252Fwww.mandiant.com%252Fr...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3460746&time=1642615526630&url=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&cookiesTest=true&liSync=true
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6445a2da-7cd2-4238-96d9-7e5a7c122219
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6445a2da-7cd2-4238-96d9-7e5a7c122219&_expected_cookie=44aca05b70bbda8abfa23312...

43 B
142 B

45ms
44ms

Image
image/gif

104.18.101.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6445a2da-7cd2-4238-96d9-7e5a7c122219&_expected_cookie=44aca05b70bbda8abfa23312d822d8d0
Protocol: H2
Server: 104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:27 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6d01fdc5adb4efd8-EWR
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6445a2da-7cd2-4238-96d9-7e5a7c122219&_expected_cookie=44aca05b70bbda8abfa23312d822d8d0
date: Wed, 19 Jan 2022 18:05:27 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6d01fdc58d80efd8-EWR
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H2 200 5870833.js Show response
bat.bing.com/p/action/ 689 B
742 B 148ms
147ms Script
application/javascript 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5870833.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: 06731aa38709091d322421570a6a1e1d7acb85e2e33d891061a5d3eb5441e787

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:25 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 53DFBE09488D4064B5E84084D8AD19E6 Ref B: EWR30EDGE0207 Ref C: 2022-01-19T18:05:26Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 589

GET
H2 204 0
bat.bing.com/action/ 0
152 B 16ms
15ms Image
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5870833&tm=gtm002&Ver=2&mid=451b9f73-f4f4-4d9d-8816-771a6033351b&sid=612f7f10795211ecbe9cc3eab8278fa0&vid=612faf80795211eca3f0e3d58c2501e1&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Now%20You%20Serial,%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant&p=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&r=&lt=1710&evt=pageLoad&msclkid=N&sv=1&rn=971795
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9A5D580659A245A7AFF910B43FEDBC8C Ref B: EWR30EDGE0207 Ref C: 2022-01-19T18:05:26Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 435 B
943 B 77ms
55ms XHR
application/json 99.84.125.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&page_title=Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant&src=tag&key=8d2742040a7c03554594027a7fa2daa0
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/41dad6d0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.125.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-125-50.ewr52.r.cloudfront.net
Software: nginx /
Resource Hash: 60ce0736b285b2ccdcd72f23cdf3c98c28645a2b7a60142d0b102b12492129f9

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:26 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: EWR52-C3
x-cache: Miss from cloudfront
request-id: ed5e4772-1c1a-44e1-8984-6b1f5e99caed
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.mandiant.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 7972cbd1699f1a8b6ef2e0b1fa50ca3e.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fd9UILEK2Lh0BCZFs5YVlWOXfbsYjj-D8WyF7RuSg64E3DYUCkOEfQ==
expires: Tue, 18 Jan 2022 18:05:26 GMT

GET
H/1.1

200
OK

log
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AABYGE7D0KYAAEEMeJWkzQ

26 B
409 B

15ms
14ms

Image
image/gif

13.225.230.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/log?vendor=choca&user_id=AABYGE7D0KYAAEEMeJWkzQ
Protocol: HTTP/1.1
Server: 13.225.230.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-230-34.jfk51.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:28 GMT
Via: 1.1 ab95c5a0dcf51f52101ed4d59d15a2a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK51-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: dc71befa545c2ee5
X-Amz-Cf-Id: wDcSiFRdhmMPrHNoQQ3_DtvQ0n9WwoJz-u-DTEmceTzmC4U66vGTTA==

Redirect headers

location: https://segments.company-target.com/log?vendor=choca&user_id=AABYGE7D0KYAAEEMeJWkzQ
Date: Wed, 19 Jan 2022 18:05:28 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://id.rlcdn.com/464526.gif
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCOaloY8GEgUI6AcQAEIASgA
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc1297_ElFyF3SDGbOpIxoGvC8WMfxt5lrH3oG6o7SECzdzTM
https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc1297_ElFyF3SDGbOpIxoGvC8WMfxt5lrH3oG6o7SECzdzTM&verifyHash=c10c42b9f93ae0638d4012eb6a434abaedd60323

26 B
409 B

12ms
12ms

Image
image/gif

13.225.230.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc1297_ElFyF3SDGbOpIxoGvC8WMfxt5lrH3oG6o7SECzdzTM&verifyHash=c10c42b9f93ae0638d4012eb6a434abaedd60323
Protocol: HTTP/1.1
Server: 13.225.230.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-230-34.jfk51.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:26 GMT
Via: 1.1 ab95c5a0dcf51f52101ed4d59d15a2a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK51-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 115c996b95d18d50
X-Amz-Cf-Id: wyLqNAUTgdW9a5dDi7koAcM70_Xm5sf5YAlGw8zN0iEOEcMe-vaR1Q==

Redirect headers

Date: Wed, 19 Jan 2022 18:05:26 GMT
Via: 1.1 ab95c5a0dcf51f52101ed4d59d15a2a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK51-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=liveramp&user_id=Xc1297_ElFyF3SDGbOpIxoGvC8WMfxt5lrH3oG6o7SECzdzTM&verifyHash=c10c42b9f93ae0638d4012eb6a434abaedd60323
Connection: keep-alive
trace-id: e129883ddfb359eb
Content-Length: 0
X-Amz-Cf-Id: I1ogIwppJ_L_CFF7ZzGFSZNnkJ-odoGiEDMnRddri1d0r00wWlu7Pw==

GET
H2 200 dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=*;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunt...
adservice.google.com/ddm/fls/z/ Frame 8068 42 B
494 B 355ms
24ms Image
image/gif 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=*;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits

Requested by

Host: 11363283.fls.doubleclick.net
URL: https://11363283.fls.doubleclick.net/activityi;dc_pre=CN6Z3dezvvUCFRIMhwodcfgKnw;src=11363283;type=invmedia;cat=mandi0;ord=7748497334360;gtm=2wg1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://11363283.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
407 B 313ms
4ms Image
image/gif 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=880805232811859&ev=PageView&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&rl=&if=false&ts=1642615526698&sw=1600&sh=1200&v=2.9.49&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=29&fbp=fb.1.1642615526697.603607252&it=1642615526625&coo=false&tm=1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:27 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Wed, 19 Jan 2022 18:05:27 GMT

GET
H2 200 dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=*;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunt...
adservice.google.com/ddm/fls/z/ Frame 6247 42 B
107 B 344ms
25ms Image
image/gif 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=*;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits

Requested by

Host: 11363283.fls.doubleclick.net
URL: https://11363283.fls.doubleclick.net/activityi;dc_pre=CMqb3dezvvUCFUn5hwoduoQLdA;src=11363283;type=invmedia;cat=mandi0;ord=9710717763599;gtm=2od1c0;gcs=G111;auiddc=774784811.1642615527;u1=%5BAudience%5D;ps=1;~oref=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://11363283.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 0AE2 41 KB
22 KB 336ms
35ms Document
text/html 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=n1p7env6g3ab

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

GSE /

Resource Hash

9b516e1111a9f7629864a36160b6144e2a1362ce31dedabeb2ae030879f02cd3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1mbvA7v5BAC8DALioNx6UA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Jan 2022 18:05:27 GMT
content-security-policy: script-src 'report-sample' 'nonce-1mbvA7v5BAC8DALioNx6UA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21822
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 66A8 41 KB
22 KB 346ms
45ms Document
text/html 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=compact&cb=t9l2prmykha

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

GSE /

Resource Hash

055d4a357015ea0b5be593ca229d34c817c0405d51496906358bccbffe85bd25

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-r5JkGssIQ5DVlElfwJEFmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Jan 2022 18:05:27 GMT
content-security-policy: script-src 'report-sample' 'nonce-r5JkGssIQ5DVlElfwJEFmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22020
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2/s/0.6.31/ 52 KB
23 KB 538ms
122ms Script
application/javascript 40.90.64.8
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2/s/0.6.31/clarity.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5870833.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.90.64.8 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:27 GMT
content-encoding: br
etag: "1d7ffcbff747e00"
last-modified: Sun, 02 Jan 2022 11:29:26 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 051LoYQAAAAC8z9XMau3zTpPd8eR2qSKLRE5BRURHRTA0MDkANmNmYmVlZTAtNTAyNy00ODRiLTg5NjctNGEyOWFmNzdmMWUx
accept-ranges: bytes
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=520C7262668A49FE9D85A432559EE1AD&RedC=c.clarity.ms&MXFR=172716F5B9866FF407E907C4BD8661E9
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=520C7262668A49FE9D85A432559EE1AD&MUID=3155483E505C671E3514590F517566F1

42 B
440 B

14ms
13ms

Image
image/gif

20.36.253.92
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=520C7262668A49FE9D85A432559EE1AD&MUID=3155483E505C671E3514590F517566F1
Protocol: H2
Server: 20.36.253.92 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:26 GMT
last-modified: Wed, 12 Jan 2022 02:05:35 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "9ea1ae3587d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25F1507FB1554B38A8C439F2572BBA93 Ref B: EWR30EDGE0207 Ref C: 2022-01-19T18:05:26Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=520C7262668A49FE9D85A432559EE1AD&MUID=3155483E505C671E3514590F517566F1
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
441 B 367ms
32ms XHR
text/plain 142.250.123.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-203244293-1&cid=40252334.1642615527&jid=1631228679&gjid=996330427&_gid=92367259.1642615527&_u=YCDAgEABAAAAAE~&z=1784987744

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.123.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

gh-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mandiant.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 19 Jan 2022 18:05:27 GMT
content-type: text/plain
access-control-allow-origin: https://www.mandiant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
155 B 305ms
4ms Image
image/gif 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1341633542&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&ul=en-us&de=UTF-8&dt=Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgEAB~&jid=1631228679&gjid=996330427&cid=40252334.1642615527&tid=UA-203244293-1&_gid=92367259.1642615527&gtm=2wg1c0T72STLD&cg1=blog&cg2=resources&cd2=Pageview&cd3=1642615525901.hkin97oc&cd4=2022-01-19T18%3A05%3A25.901%2B00%3A00&cd5=&cd15=alyssa%20rahman&cd16=dec%2013%2C%202021&gcs=G111&cd1=40252334.1642615527&z=562030197

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 04:20:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 49480
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 305ms
4ms Image
image/gif 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1341633542&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&ul=en-us&de=UTF-8&dt=Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Resource%20Type&ea=blog&el=Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits&_u=YCDAgEABAAAAAE~&jid=&gjid=&cid=40252334.1642615527&tid=UA-203244293-1&_gid=92367259.1642615527&gtm=2wg1c0T72STLD&cg1=blog&cg2=resources&cd3=1642615526240.vyjfpln&cd4=2022-01-19T18%3A05%3A26.241%2B00%3A00&cd5=&cd15=alyssa%20rahman&cd16=dec%2013%2C%202021&gcs=G111&cd1=40252334.1642615527&z=1281453764

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 04:20:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 49480
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 306ms
5ms Image
image/gif 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1341633542&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&ul=en-us&de=UTF-8&dt=Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6sense&ea=company%20details%20sent&el=%2Fresources%2Fhunting-deserialization-exploits&_u=YCDAgEABAAAAAE~&jid=&gjid=&cid=40252334.1642615527&tid=UA-203244293-1&_gid=92367259.1642615527&gtm=2wg1c0T72STLD&cg1=blog&cg2=resources&cd2=Event&cd3=1642615526460.obhiqxz&cd4=2022-01-19T18%3A05%3A26.460%2B00%3A00&cd5=&cd8=&cd9=Renshaw%20Americas&cd10=United%20States&cd11=Northern%20America&cd12=renshawamericas.com&cd15=alyssa%20rahman&cd16=dec%2013%2C%202021&gcs=G111&cd1=40252334.1642615527&z=925692519

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 04:20:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 49480
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 0AE2 51 KB
24 KB 621ms
4ms Stylesheet
text/css 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=n1p7env6g3ab

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 0AE2 351 KB
139 KB 625ms
9ms Script
text/javascript 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H2 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 66A8 51 KB
24 KB 611ms
8ms Stylesheet
text/css 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 66A8 351 KB
139 KB 612ms
10ms Script
text/javascript 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 322ms
21ms Image
image/gif 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-203244293-1&cid=40252334.1642615527&jid=1631228679&_u=YCDAgEABAAAAAE~&z=2143906141

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 18:05:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 25ms
25ms Image
image/gif 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=2ec8d91700080000e652e86119010000aef60200&session=4171d3a5-0dc6-4842-822d-554191dfe11b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A27%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A26%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&pageViewId=9264f0ca-169f-4a9b-8c47-7a2595477bd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-47-10.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:27 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
b.clarity.ms/ 0
176 B 98ms
33ms XHR
text/plain 20.75.32.255
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://b.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.mandiant.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://www.mandiant.com
date: Wed, 19 Jan 2022 18:05:27 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

POST
H2 204 collect Show response
b.clarity.ms/ 0
25 B 47ms
46ms XHR
text/plain 20.75.32.255
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://b.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.mandiant.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://www.mandiant.com
date: Wed, 19 Jan 2022 18:05:27 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 webworker.js
www.google.com/recaptcha/api2/ Frame 0AE2 102 B
203 B 324ms
23ms Other
text/javascript 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

GSE /

Resource Hash

762bc62721580cd804e80ef3be945628fb5d4ebaa24dba64c13759d25809cc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=normal&cb=n1p7env6g3ab
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Wed, 19 Jan 2022 18:05:28 GMT

GET
H2 200 webworker.js
www.google.com/recaptcha/api2/ Frame 66A8 102 B
177 B 326ms
25ms Other
text/javascript 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

GSE /

Resource Hash

762bc62721580cd804e80ef3be945628fb5d4ebaa24dba64c13759d25809cc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq&co=aHR0cHM6Ly93d3cubWFuZGlhbnQuY29tOjQ0Mw..&hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&size=compact&cb=t9l2prmykha
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 18:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 1; mode=block
expires: Wed, 19 Jan 2022 18:05:28 GMT

GET
H2 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 21F4 7 KB
1 KB 327ms
26ms Document
text/html 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

GSE /

Resource Hash

a63b92f1e960bc1b90d92c25057606480fd68d9f7c2623e5f52191f4b58109d8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SyhpjQtuKvFlVmnY/1VEOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Jan 2022 18:05:28 GMT
content-security-policy: script-src 'report-sample' 'nonce-SyhpjQtuKvFlVmnY/1VEOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1113
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bframe Show response
www.google.com/recaptcha/api2/ Frame D1AB 7 KB
1 KB 328ms
25ms Document
text/html 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

GSE /

Resource Hash

1b965aaa4b8231f3091b159859025fd793a564a2bd167628ed1e0a7b00c82290

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XsM+IiH1CmK40I0KuPloHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 Jan 2022 18:05:28 GMT
content-security-policy: script-src 'report-sample' 'nonce-XsM+IiH1CmK40I0KuPloHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 21F4 51 KB
24 KB 305ms
4ms Stylesheet
text/css 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame 21F4 351 KB
139 KB 306ms
5ms Script
text/javascript 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 23ms
23ms Image
image/gif 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=2ec8d91700080000e652e86119010000aef60200&session=4171d3a5-0dc6-4842-822d-554191dfe11b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A28%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A27%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%222006%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&pageViewId=9264f0ca-169f-4a9b-8c47-7a2595477bd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-47-10.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:28 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame D1AB 51 KB
24 KB 308ms
5ms Stylesheet
text/css 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ Frame D1AB 351 KB
139 KB 309ms
6ms Script
text/javascript 142.250.65.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=TDBxTlSsKAUm3tSIa0fwIqNu&k=6LdhgBgUAAAAAILakhHCM8iL5pygGB4jLnJbJFfq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f3.1e100.net

Software

sffe /

Resource Hash

f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:12:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141749
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 05:01:34 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Jan 2023 05:12:46 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 24ms
24ms Image
image/gif 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=2ec8d91700080000e652e86119010000aef60200&session=4171d3a5-0dc6-4842-822d-554191dfe11b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A29%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A28%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%223009%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&pageViewId=9264f0ca-169f-4a9b-8c47-7a2595477bd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-47-10.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:29 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
b.clarity.ms/ 0
48 B 27ms
27ms XHR
text/plain 20.75.32.255
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://b.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.mandiant.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://www.mandiant.com
date: Wed, 19 Jan 2022 18:05:29 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 30ms
29ms Image
image/gif 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=2ec8d91700080000e652e86119010000aef60200&session=4171d3a5-0dc6-4842-822d-554191dfe11b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A30%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A29%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224011%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&pageViewId=9264f0ca-169f-4a9b-8c47-7a2595477bd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-47-10.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:30 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 24ms
23ms Image
image/gif 23.217.47.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=2ec8d91700080000e652e86119010000aef60200&session=4171d3a5-0dc6-4842-822d-554191dfe11b&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A31%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2019%20Jan%202022%2018%3A05%3A30%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225012%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Now%20You%20Serial%2C%20Now%20You%20Don%E2%80%99t%20%E2%80%94%20Systematically%20Hunting%20for%20Deserialization%20Exploits%20%7C%20Mandiant%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.mandiant.com%2Fresources%2Fhunting-deserialization-exploits&pageViewId=9264f0ca-169f-4a9b-8c47-7a2595477bd1&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.47.10 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-47-10.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.mandiant.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 18:05:31 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mandiant.com/	1970-01-20 17:48:07	Name: _mkto_trk Value: id:565-PEI-952&token:_mch-mandiant.com-1642615525987-45063
.6sc.co/	1970-01-20 17:48:07	Name: 6suuid Value: 2ec8d91700080000e652e86119010000aef60200
www.mandiant.com/	1970-01-20 00:27:00	Name: _an_uid Value: 0
www.mandiant.com/	1970-01-20 17:48:07	Name: _gd_visitor Value: 085cfb94-a11b-46ed-825c-1aa2caf41f0d
www.mandiant.com/	1970-01-20 00:17:09	Name: _gd_session Value: 4171d3a5-0dc6-4842-822d-554191dfe11b
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 14b45e10312c4008
www.mandiant.com/	1970-01-20 17:48:07	Name: _gd_svisitor Value: 2ec8d91700080000e652e86119010000aef60200
.t.co/	1970-01-20 17:48:07	Name: muc_ads Value: 33acb76e-e2fe-4c13-8972-748cb7e0aa07
.twitter.com/	1970-01-20 17:48:07	Name: personalization_id Value: "v1_dHkI2hys7eifDIHq0uqB8Q=="
.mandiant.com/	1970-01-20 02:26:31	Name: _gcl_au Value: 1.1.774784811.1642615527
.bing.com/	1970-01-20 09:38:31	Name: MUID Value: 3155483E505C671E3514590F517566F1
.bat.bing.com/	1970-01-20 00:27:00	Name: MR Value: 0
.mandiant.com/	1970-01-20 17:48:07	Name: _ga_X6642ZTDJ7 Value: GS1.1.1642615525.1.0.1642615525.0
.mandiant.com/	1970-01-20 00:18:21	Name: _uetsid Value: 612f7f10795211ecbe9cc3eab8278fa0
.mandiant.com/	1970-01-20 09:38:31	Name: _uetvid Value: 612faf80795211eca3f0e3d58c2501e1
.doubleclick.net/	1970-01-20 17:48:07	Name: IDE Value: AHWqTUnYzUyRcIKN7BX0U3tkMCcdpUVt-jlXoMS22RnUQkuUiWWhreFww70-PCS8K1E
.mandiant.com/	1970-01-20 02:26:31	Name: _fbp Value: fb.1.1642615526697.603607252
.rlcdn.com/	1970-01-20 09:02:31	Name: rlas3 Value: wpD1CvK7PpDwRosPN3YUB7fjeAWzBi1w4Qe1EVw9ETg=
.rlcdn.com/	1970-01-20 01:43:19	Name: pxrc Value: COaloY8GEgUI6AcQABIGCMrdKhAA
.company-target.com/	1970-01-20 17:48:07	Name: tuuid Value: aa7562bf-1601-4dd4-a88e-2fa454d63c87
.company-target.com/	1970-01-20 17:48:07	Name: tuuid_lu Value: 1642615526
.c.bing.com/	1970-01-20 00:27:00	Name: MR Value: 0
.c.bing.com/	1970-01-20 09:38:31	Name: SRM_B Value: 3155483E505C671E3514590F517566F1
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 09:38:31	Name: MUID Value: 3155483E505C671E3514590F517566F1
.c.clarity.ms/	1970-01-20 00:27:00	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 00:16:56	Name: ANONCHK Value: 0
.mandiant.com/	1970-01-20 17:48:07	Name: _ga Value: GA1.2.40252334.1642615527
.mandiant.com/	1970-01-20 00:18:21	Name: _gid Value: GA1.2.92367259.1642615527
.mandiant.com/	1970-01-20 00:16:55	Name: _dc_gtm_UA-203244293-1 Value: 1
.doubleclick.net/	1970-01-20 00:16:56	Name: test_cookie Value: CheckForPermission
.facebook.com/	1970-01-20 02:26:31	Name: fr Value: 09oJBHgXHG3tJ26OX..Bh6FLn...1.0.Bh6FLn.
.linkedin.com/	1970-01-20 02:26:31	Name: li_sugr Value: 6445a2da-7cd2-4238-96d9-7e5a7c122219
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:48:49	Name: bcookie Value: "v=2&599c2dbf-0b9f-44f9-82f4-c7d3471e5836"
.linkedin.com/	1970-01-20 00:18:21	Name: lidc Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2215:u=1:x=1:i=1642615526:t=1642701926:v=2:sig=AQGXynh4jIO6YN8OmkVQZB5EBUYrY95T"
.linkedin.com/	1970-01-20 01:00:07	Name: UserMatchHistory Value: AQKgiSuS7ADVqQAAAX5zg9aTZQMfd36BKQSkFLmbd1WozkMwvphFT2p9whxeM7FgV4XFsdTSgMLKww
.linkedin.com/	1970-01-20 01:00:07	Name: AnalyticsSyncHistory Value: AQJM7Tel_p2mPwAAAX5zg9aTdnFhN9hvbR1Bs9KiAU3t6zoQL1Gapea_YMG09a_hcmUWGWx4MTKKeXJj9tXEpw
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 17:48:49	Name: bscookie Value: "v=1&20220119180527f670d47c-85d0-4a77-8ccf-ca2970fc7451AQGqZFKYjW_Tid8styGsgMaO_rKyg8U_"
.adsymptotic.com/	1970-01-20 02:26:31	Name: U Value: 44aca05b70bbda8abfa23312d822d8d0
.mandiant.com/	1970-01-20 09:02:31	Name: _clck Value: bkugjw\|1\|ey9\|0
.mandiant.com/	1970-01-20 00:18:21	Name: _clsk Value: p67jhb\|1642615527553\|1\|1\|b.clarity.ms/collect
.bidr.io/	1970-01-20 09:45:25	Name: bito Value: AABYGE7D0KYAAEEMeJWkzQ
.bidr.io/	1970-01-20 09:45:25	Name: bitoIsSecure Value: ok

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11363283.fls.doubleclick.net
565-pei-952.mktoresp.com
adservice.google.com
analytics.twitter.com
api.company-target.com
b.6sc.co
b.clarity.ms
bam.nr-data.net
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdnjs.cloudflare.com
connect.facebook.net
consent.trustarc.com
epsilon.6sense.com
googleads.g.doubleclick.net
id.rlcdn.com
j.6sc.co
js-agent.newrelic.com
match.prod.bidr.io
munchkin.marketo.net
p.adsymptotic.com
px.ads.linkedin.com
secure.adnxs.com
segments.company-target.com
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tag.demandbase.com
www.clarity.ms
www.facebook.com
www.fireeye.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.mandiant.com
104.16.18.94
104.18.101.194
104.244.42.195
104.244.42.197
13.107.42.14
13.225.230.15
13.225.230.34
142.250.123.154
142.250.65.162
142.250.65.163
142.250.80.8
142.251.32.100
142.251.40.110
142.251.40.166
142.251.41.2
151.101.2.137
151.101.248.157
162.159.241.125
162.159.246.125
162.247.242.20
172.67.39.148
184.51.146.152
192.28.144.124
20.36.253.92
20.75.32.255
204.79.197.200
23.10.86.114
23.217.47.10
31.13.71.36
31.13.71.7
34.200.179.101
34.232.192.29
35.190.60.146
40.90.64.8
68.67.181.207
99.84.125.50
99.84.42.111
03bef1eeac54d221d1da744095e12a9caae78fb47a16f0d9a7598fa83cd79fcf
055d4a357015ea0b5be593ca229d34c817c0405d51496906358bccbffe85bd25
06731aa38709091d322421570a6a1e1d7acb85e2e33d891061a5d3eb5441e787
07ed649e749e9698e805596809e2ede372229183ddb6b38fc96f696cff02f085
0c9ab3e7109f42ef98afbad438ec60278ecafc571622d8b190a35c733dbcc0f6
0e9abb2e9cdcdedebb079ffd753146eaf162ad7d2a7928e04f01bf2d15c69da2
0eab324aea216ff6432155a5cdbd59b7c1429f7d27be852f9dd037c7ade0377c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14dd2c4aaca337d9bb05d439562904a183f2085bafd40e9ff99c8803e4f93a2c
16c13044cedc5c7482ad7db51913c164ffabc787ec5b6b0246acfec84cd6d01b
1b965aaa4b8231f3091b159859025fd793a564a2bd167628ed1e0a7b00c82290
1bb508d41bf1d0c5d56340c7df789b6589350a5f967e1fa937bee5c148d0cb0d
26e6996216334ee71ef0bdc967a8f41b264eb3687fe5f12022de519368120c59
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
2e43f7a38d8201edd50651f72b8fc36098232f5cb753d4062fd925746615f5c8
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
34e89fde702aa592d82afbb8d98034150cb3a2e6bd67a922af1edd106cf87fe8
381962c3f2fb0a5236950b7486267cb6a0eef9a0fe6ffae827e1359129eaaa0c
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3e209d33f946ce05466bf7ca7fe5bd746225b66c8f908a11c48f462667d55ea9
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4c0f4aadc6e2937678993e6af1963ad6fab4853f3d9f0a59ded2aff9d626bda2
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5b5f56ebdd16010daac79026e0aec23a4b6c71691ce114a07faa9bf4cb4df7e7
5bcbb06a20e06d0ba57982a791b549e7d6405b70c5c798a3e9a3cff56d537a32
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
60ce0736b285b2ccdcd72f23cdf3c98c28645a2b7a60142d0b102b12492129f9
762bc62721580cd804e80ef3be945628fb5d4ebaa24dba64c13759d25809cc52
76bf4c91ebc194a1153f859d5aae43285d1d1315fd56615f0da490003ee1b20f
7b7eb2b28fbf8ad29058540ee28e8b49701e0e47351ff25d3b688fcef9b2a88a
8200a9267a1b2dd41b67ce978032fb13c95ecd391600cb7e2e236f96383ae564
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b34f175a9850d098edfacb50c3bb97a22975fa0d18570d11fc076676a87781
88cb9efe9226cab0669f7f6cdf082ec49a48a58f6411b69864b6f952928b979a
89eb112ae49036ce338e1ca36823362e6708e4145d41e7f0c0eb1a3a8f70dafb
90bd638b64a7fcd93dfbbf957101258b10a45356e25425e6e1fb04f868339a4f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b516e1111a9f7629864a36160b6144e2a1362ce31dedabeb2ae030879f02cd3
9b6ab0f2d7d85d5283a684fbcdfcbd2e51698ded09fbc0396b34285a846133db
9ba17fa97dfcf22b549ac3362f681c82a8c654a5a9a63f8e4a6a071c8f049c17
9ca4ce05a9eeb9d9183e71055a57e6759763581b4a9b0e0b801f3cb4114bbb77
9ec192b1be13b5eb7d11e7c8a0f1466ef236e4ba88182bb4cec76a2c7919464e
9ee33831b0f69f4fd2300024df8f2488a4a7a4093cfcc5e28062e128308478f9
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a63b92f1e960bc1b90d92c25057606480fd68d9f7c2623e5f52191f4b58109d8
ab007a7e19fbdc78b55cdb827fab406612e79656b6ae9cc7fdc863e63dbbd619
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b2cb383a30bee467e40ecebb49e4229b1b57efcc2c7632c921cd170a75c74d24
b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfbbb6a8bb9482b6bddbba133d70d9ac28fea886ede20ecdaf3110d5c70dba6c
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7e80c5f3390f1810ce6c26f926fb89c162791615549c7a7f964d4c5112e0d0
ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfaed587b938cc953c5008f257ed1e661e9d2e2f907bd5b520fc4b9348985a88
dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
e9449a6dfd1bd67439005512d7ad7652d88a43343403224d9e5d0e8a17195e60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
f269cafacd48c650b7c76973b7192a4593125d9b957bfa3b57a89e835ec0df1f
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f8bf0b735b32ad006ebb24281f26003602080d6da979243af106c1962777cac6
fe3bfdac05de97234a1a81c7f09c87f14708cf7bd9a341a63e68613c3c6e40d6
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.mandiant.com Open in urlscan Pro 162.159.241.125 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

98 Requests

95 %HTTPS

0 %IPv6

31 Domains

41 Subdomains

34 IPs

2 Countries

3155 kBTransfer

5971 kBSize

45 Cookies

51 Outgoing links

Redirected requests

98 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.mandiant.com Open in urlscan Pro
162.159.241.125 Public Scan

Screenshot
Live screenshot

Full Image

98
Requests

95 %
HTTPS

0 %
IPv6

31
Domains

41
Subdomains

34
IPs

2
Countries

3155 kB
Transfer

5971 kB
Size

45
Cookies

98 HTTP transactions
0 data transactions