URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Submission: On January 29 via api from US — Scanned from DE

Summary

This website contacted 33 IPs in 4 countries across 27 domains to perform 93 HTTP transactions. The main IP is 146.148.61.165, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is www.praetorian.com.
TLS certificate: Issued by R3 on January 22nd 2024. Valid for: 3 months.
This is the only time www.praetorian.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
21 146.148.61.165 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
8 2a02:26f0:310... 20940 (AKAMAI-ASN1)
7 2a00:1450:400... 15169 (GOOGLE)
3 13.32.110.53 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:780... 20940 (AKAMAI-ASN1)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:310... 20940 (AKAMAI-ASN1)
1 216.24.57.3 397273 (RENDER)
1 2600:9000:219... 16509 (AMAZON-02)
2 34.117.77.79 396982 (GOOGLE-CL...)
3 2001:4860:480... 15169 (GOOGLE)
4 13.32.27.107 16509 (AMAZON-02)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 5 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.246.35.15 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2606:4700::68... 13335 (CLOUDFLAR...)
3 172.64.150.44 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 54.246.23.69 16509 (AMAZON-02)
Total: 93 requests, 33 IPs
Apex Domain | Subdomains | Transfer
21 praetorian.com | www.praetorian.com | 263 KB
9 typekit.net | use.typekit.net (Cisco Umbrella Rank: 463), p.typekit.net (Cisco Umbrella Rank: 566) | 225 KB
7 hubspot.com | api.hubspot.com (Cisco Umbrella Rank: 4876), app.hubspot.com (Cisco Umbrella Rank: 5571), track.hubspot.com (Cisco Umbrella Rank: 2301) | 25 KB
7 hotjar.com | static.hotjar.com (Cisco Umbrella Rank: 681), script.hotjar.com (Cisco Umbrella Rank: 996) | 112 KB
7 googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 37) | 502 KB
6 linkedin.com | px.ads.linkedin.com (Cisco Umbrella Rank: 349), www.linkedin.com (Cisco Umbrella Rank: 632), px4.ads.linkedin.com (Cisco Umbrella Rank: 6550) | 6 KB
5 hsappstatic.net | static.hsappstatic.net (Cisco Umbrella Rank: 5660) | 306 KB
4 hsforms.com | forms.hsforms.com (Cisco Umbrella Rank: 4278), forms-na1.hsforms.com (Cisco Umbrella Rank: 6786) | 5 KB
3 zi-scripts.com | js.zi-scripts.com (Cisco Umbrella Rank: 8358) | 3 KB
3 hs-scripts.com | js.hs-scripts.com (Cisco Umbrella Rank: 2407) | 3 KB
2 zoominfo.com | ws.zoominfo.com (Cisco Umbrella Rank: 4371) | 2 KB
2 hotjar.io | content.hotjar.io (Cisco Umbrella Rank: 6408), metrics.hotjar.io (Cisco Umbrella Rank: 7777) | 231 B
2 google.de | www.google.de (Cisco Umbrella Rank: 6518) | 562 B
2 doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 79), googleads.g.doubleclick.net (Cisco Umbrella Rank: 38) | 2 KB
2 google.com | region1.analytics.google.com (Cisco Umbrella Rank: 2616), www.google.com (Cisco Umbrella Rank: 2) | 509 B
2 google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 2029) | 301 B
2 ml314.com | ml314.com (Cisco Umbrella Rank: 1870) | 11 KB
2 hscollectedforms.net | js.hscollectedforms.net (Cisco Umbrella Rank: 4534), forms.hscollectedforms.net (Cisco Umbrella Rank: 4621) | 26 KB
1 hubapi.com | api.hubapi.com (Cisco Umbrella Rank: 3557) | 1 KB
1 clearbitscripts.com | tag.clearbitscripts.com (Cisco Umbrella Rank: 12061) |
1 clearbitjs.com | grow.clearbitjs.com (Cisco Umbrella Rank: 45035) | 348 B
1 licdn.com | snap.licdn.com (Cisco Umbrella Rank: 783) | 16 KB
1 usemessages.com | js.usemessages.com (Cisco Umbrella Rank: 4841) | 24 KB
1 hs-analytics.net | js.hs-analytics.net (Cisco Umbrella Rank: 2120) | 21 KB
1 hs-banner.com | js.hs-banner.com (Cisco Umbrella Rank: 2148) | 21 KB
1 hsadspixel.net | js.hsadspixel.net (Cisco Umbrella Rank: 3251) | 4 KB
1 hsforms.net | js.hsforms.net (Cisco Umbrella Rank: 6523) | 152 KB
Total: 93 requests, 27 domains
Domain | Requested by
21 www.praetorian.com | www.praetorian.com
8 use.typekit.net | www.praetorian.com, use.typekit.net
7 www.googletagmanager.com | www.praetorian.com, www.googletagmanager.com, js.hsadspixel.net
5 static.hsappstatic.net | app.hubspot.com, static.hsappstatic.net
4 px.ads.linkedin.com (3 redirects) | snap.licdn.com
4 script.hotjar.com | static.hotjar.com, script.hotjar.com, www.praetorian.com
3 track.hubspot.com |
3 js.zi-scripts.com | www.praetorian.com, js.zi-scripts.com
3 forms.hsforms.com | js.hsforms.net, www.praetorian.com
3 static.hotjar.com | www.praetorian.com, www.googletagmanager.com
3 js.hs-scripts.com | www.praetorian.com
2 ws.zoominfo.com | js.zi-scripts.com
2 app.hubspot.com | js.usemessages.com, static.hsappstatic.net
2 www.google.de | www.praetorian.com
2 api.hubspot.com | js.usemessages.com
2 region1.google-analytics.com | www.googletagmanager.com
2 ml314.com | www.praetorian.com, ml314.com
1 metrics.hotjar.io | static.hotjar.com
1 www.google.com | www.praetorian.com
1 googleads.g.doubleclick.net | www.googletagmanager.com
1 content.hotjar.io | script.hotjar.com
1 forms-na1.hsforms.com | www.praetorian.com
1 px4.ads.linkedin.com | www.praetorian.com
1 www.linkedin.com (1 redirects) |
1 stats.g.doubleclick.net | www.googletagmanager.com
1 region1.analytics.google.com | www.googletagmanager.com
1 forms.hscollectedforms.net | js.hscollectedforms.net
1 api.hubapi.com | js.hsadspixel.net
1 tag.clearbitscripts.com | www.googletagmanager.com
1 grow.clearbitjs.com | www.praetorian.com
1 snap.licdn.com | www.praetorian.com
1 p.typekit.net | use.typekit.net
1 js.usemessages.com | js.hs-scripts.com
1 js.hs-analytics.net | js.hs-scripts.com
1 js.hs-banner.com | js.hs-scripts.com
1 js.hsadspixel.net | js.hs-scripts.com
1 js.hscollectedforms.net | js.hs-scripts.com
1 js.hsforms.net | www.praetorian.com
Total: 93 requests, 38 subdomains
Subject | Issuer | Validity | Valid
www.praetorian.com | R3 | 2024-01-22 - 2024-04-21 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-03 - 2024-05-02 | a year
use.typekit.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-21 - 2024-10-21 | a year
*.google-analytics.com | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
*.hotjar.com | Amazon ECDSA 256 M01 | 2023-03-09 - 2024-04-06 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
grow.clearbitjs.com | E1 | 2024-01-20 - 2024-04-19 | 3 months
clearbitscripts.com | Amazon RSA 2048 M01 | 2023-06-11 - 2024-07-09 | a year
event-horizon.gcp.bomm.in | GTS CA 1D4 | 2024-01-01 - 2024-03-31 | 3 months
hubspot.com | Cloudflare Inc ECC CA-3 | 2024-01-06 - 2024-12-31 | a year
hubapi.com | Cloudflare Inc ECC CA-3 | 2023-04-07 - 2024-04-06 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
www.google.de | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
*.hotjar.io | Amazon ECDSA 256 M02 | 2023-03-02 - 2024-03-30 | a year
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2023-11-03 - 2024-05-03 | 6 months
www.google.com | GTS CA 1C3 | 2024-01-02 - 2024-03-26 | 3 months
hsappstatic.net | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year
zi-scripts.com | GTS CA 1P5 | 2023-12-02 - 2024-03-01 | 3 months
zoominfo.com | Cloudflare Inc ECC CA-3 | 2023-04-04 - 2024-04-03 | a year

This page contains 2 frames:

Primary Page: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Frame ID: 4D271273AF8809CB2868092F79DAEE0A
Requests: 83 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/3e6c71c262ae4be398b35eff8e9a9c00?uuid=8f64a6442e4b41f7a3fa19b366b76485&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 85ECBBBA1D9F2287D753BEBC3E2C1B75
Requests: 7 HTTP requests in this frame

Page Title

Man-in-the-Middle TLS Protocol Downgrade Attack -

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • tracker\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 93
HTTPS: 99 %
IPv6: 73 %
Domains: 27
Subdomains: 38
IPs: 33
Countries: 4
Transfer: 1727 kB
Size: 4828 kB
Cookies: 24

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3767322%26time%3D1706549512662%26url%3Dhttps%253A%252F%252Fwww.praetorian.com%252Fblog%252Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true&liSync=true&e_ipv6=AQIoYzZOuVctowAAAY1WRwvhlPAD9gUMB7q7Ug1tApzzC-ISAQfXSGDPLk55R7DEQ37irH35ttK-

93 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
122 KB
25 KB
Document
General
Full URL
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
64465a51903a8a2c49dbee5e3c83e95e8471620d4b139b3a8092502469baa38b
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=600, must-revalidate
content-encoding
br
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-type
text/html; charset=UTF-8
date
Mon, 29 Jan 2024 17:31:51 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
link
<https://www.praetorian.com/wp-json/>; rel="https://api.w.org/" <https://www.praetorian.com/wp-json/wp/v2/posts/484>; rel="alternate"; type="application/json" <https://www.praetorian.com/?p=484>; rel=shortlink
pragma
no-cache
server
nginx
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 1
x-cache-group
normal
x-cacheable
SHORT
x-frame-options
SAMEORIGIN
x-powered-by
WP Engine
22265125.js
js.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/22265125.js
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bc59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce6ba427d7d72305621fcfb802a14f4aff7cd516782fec7b59850fb4018d070c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8a8351b1-41bc-43b8-adc3-5385f058ef18
x-envoy-upstream-service-time
75
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8a8351b1-41bc-43b8-adc3-5385f058ef18
last-modified
Mon, 29 Jan 2024 16:28:59 GMT
server
cloudflare
x-trace
2BB3C351E1A9C2225810D845FB1AEDF8EBDE473D97000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.praetorian.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-8jdch
cf-ray
84d3360e5e956921-FRA
expires
Mon, 29 Jan 2024 17:33:21 GMT
magnific.css
www.praetorian.com/wp-content/themes/studio-simpatico/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/css/magnific.css?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 19:25:12 GMT
server
nginx
etag
W/"650c9898-1b27"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
yng4pbv.css
use.typekit.net/
8 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
8f86d82c79073ffc876c2fdd10fe4b208a3a445c5ea331fadccc465a154b9a66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Mon, 29 Jan 2024 17:31:52 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1083
style.css
www.praetorian.com/wp-content/themes/studio-simpatico/
338 KB
60 KB
Stylesheet
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
adaef5107a926385b86fe49b479ed955d7b8784cc6f2e743ec04d0f4a8355e16
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Fri, 10 Nov 2023 17:08:39 GMT
server
nginx
etag
W/"654e6397-5493e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
jquery.min.js
www.praetorian.com/wp-content/themes/studio-simpatico/js/
87 KB
32 KB
Script
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/js/jquery.min.js?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:54 GMT
server
nginx
etag
W/"650c84d6-15d94"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
js
www.googletagmanager.com/gtag/
283 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FCP1DZPL64
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d6304a280c80fc9faa50e83b1696773985a4852c13a687eb4c542461ce376c03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95929
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 29 Jan 2024 17:31:52 GMT
gtm.js
www.googletagmanager.com/
235 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0d4d4915da3ea20ef96961298423fb461371ab650f63360c7bbdf6c279b38581
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
84250
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 29 Jan 2024 17:31:52 GMT
gtm.js
www.googletagmanager.com/
0
0
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-54H7Q6G
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

hotjar-2851712.js
static.hotjar.com/c/
10 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2851712.js?sv=6
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-53.vie50.r.cloudfront.net
Software
/
Resource Hash
6ac61b38d8d2e0069b0f29e700592555a46ece07a22c8d564e2d8edc1a37790f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Mon, 29 Jan 2024 17:31:52 GMT
via
1.1 437caaa82b2f94aeac2747f293235378.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
etag
W/1fa4b508cd12df4e44958410dcdfb528
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
dxF3L0efqkuLrSiMWteu9nEbzsRjGy9Gxcw__Z_MDTTmLe-02J1VcA==
v2.js
js.hsforms.net/forms/embed/
477 KB
152 KB
Script
General
Full URL
https://js.hsforms.net/forms/embed/v2.js
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d9631a6eecd3c696b5372ac6262b703f7ea78887352bbe355b63a1d58d07fa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding
br
age
380
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4595/bundles/project-v2.js&cfRay=84d32cc64834caed-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"ba1aaa218e72705a30bcac95320aa5c4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.4595/bundles/project-v2.js
date
Mon, 29 Jan 2024 17:31:51 GMT
x-amz-version-id
UK3vPLGmoSHXmNc21won1jEM7or3X6mK
via
1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
c2e149a1-7126-40f7-96ef-1dc2c09841c1
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
c2e149a1-7126-40f7-96ef-1dc2c09841c1
last-modified
Mon, 29 Jan 2024 16:17:51 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5GXqL0vl6VKfU0EgJYOQGqYuthqprGp1vJ3p2yB0ebnpSk7aoJFJ8FHwstIeLZejBfuT3dXwDqJtqwIXZgQjIKXVKd9BNOBg0gOeFhaP4Vkx9%2FkmBZzE1MDEPSR6YE%2FYKvacyDXmx85I8zHD"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-p98rp
cf-ray
84d3360e9b579957-FRA
x-amz-cf-id
_Ruqf_5rITTWXO3Z-39rHjLq0G2upsbgsN4VLfBANbOXZw4PD-NsqA==
5cdc92a995678d72fbf256c3_20140811-arp-cache.png.webp
www.praetorian.com/wp-content/uploads/2021/02/
19 KB
20 KB
Image
General
Full URL
https://www.praetorian.com/wp-content/uploads/2021/02/5cdc92a995678d72fbf256c3_20140811-arp-cache.png.webp
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
36f074fa1a909e21ba19db9ac7d699403258c53257c89b54543628e7c84e03c8
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
last-modified
Thu, 21 Sep 2023 18:00:31 GMT
server
nginx
etag
"650c84bf-4dc4"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
19908
5cdc9328fcbd747340785c63_20140811-mitm-attack.png.webp
www.praetorian.com/wp-content/uploads/2021/02/
29 KB
30 KB
Image
General
Full URL
https://www.praetorian.com/wp-content/uploads/2021/02/5cdc9328fcbd747340785c63_20140811-mitm-attack.png.webp
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
f8e93c8909f4149608c9be00636db60f67fe724530927343f25637a90165be81
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
last-modified
Thu, 21 Sep 2023 18:00:31 GMT
server
nginx
etag
"650c84bf-751a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
29978
5cdc9429e09fa5adaf731ac7_20140811-tls-vs-ssl-2.png.webp
www.praetorian.com/wp-content/uploads/2021/02/
50 KB
51 KB
Image
General
Full URL
https://www.praetorian.com/wp-content/uploads/2021/02/5cdc9429e09fa5adaf731ac7_20140811-tls-vs-ssl-2.png.webp
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
72d30141ad2071e24e44dfa82ee1177297a71280016aafa52b2bfc0de1909c39
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
last-modified
Thu, 21 Sep 2023 18:00:31 GMT
server
nginx
etag
"650c84bf-c84e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
51278
22265125.js
js.hs-scripts.com/
2 KB
832 B
Script
General
Full URL
https://js.hs-scripts.com/22265125.js?integration=WordPress&ver=10.2.23
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bc59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71ba80d680191ea197c6605411ff527fad55d6b79b165d73bf114a9b4abcc356
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
9db4f8a9-1482-4bcf-9d18-b123d47d5afc
x-envoy-upstream-service-time
5
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
9db4f8a9-1482-4bcf-9d18-b123d47d5afc
last-modified
Mon, 29 Jan 2024 16:28:59 GMT
server
cloudflare
x-trace
2B75550C1C4C71F6B808E68F9CF7D1202CD63291BD000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.praetorian.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-jtmvq
cf-ray
84d33610595f6921-FRA
expires
Mon, 29 Jan 2024 17:33:22 GMT
gtm4wp-form-move-tracker.js
www.praetorian.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/
1 KB
771 B
Script
General
Full URL
https://www.praetorian.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/gtm4wp-form-move-tracker.js?ver=1.19.1
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
8b851243dfb01d421b9ad1b062622a23f230c32184a70c07b6e75908bf682961
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Tue, 02 Jan 2024 16:29:55 GMT
server
nginx
etag
W/"65943a03-472"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
22265125.js
js.hs-scripts.com/
2 KB
796 B
Script
General
Full URL
https://js.hs-scripts.com/22265125.js?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bc59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d544fc697a96dc5d14ba5a1f7e62137d03e01a714510a2868f65b2a40c555a8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
eda67e00-8bf2-4d45-a36d-fe9ab94ee398
x-envoy-upstream-service-time
29
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
eda67e00-8bf2-4d45-a36d-fe9ab94ee398
last-modified
Mon, 29 Jan 2024 16:28:59 GMT
server
cloudflare
x-trace
2BB5BB0FCC113A821B5417157B55428C72F32752D8000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.praetorian.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-jk9qf
cf-ray
84d336116ab76921-FRA
expires
Mon, 29 Jan 2024 17:33:22 GMT
jazzyscroll.js
www.praetorian.com/wp-content/themes/studio-simpatico/js/
16 KB
4 KB
Script
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/js/jazzyscroll.js?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
71f19df3aba2328790c3e99bc8d953e9c4f6458d5b6912a6331470e9312dbf87
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 19:25:12 GMT
server
nginx
etag
W/"650c9898-403a"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
js.cookie.js
www.praetorian.com/wp-content/themes/studio-simpatico/js/
2 KB
1 KB
Script
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/js/js.cookie.js?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
99ec625496b7f34e052ddcc9d5e3643c5bd183e946b055e850f65a0879a4836f
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:53 GMT
server
nginx
etag
W/"650c84d5-9cd"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
magnific.min.js
www.praetorian.com/wp-content/themes/studio-simpatico/js/library/
20 KB
8 KB
Script
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/js/library/magnific.min.js?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
fc7109dd6428c821842660a87bda6494e52c0f4ecad22105a1aed87e440ee0b1
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 19:13:12 GMT
server
nginx
etag
W/"650c95c8-4f29"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
blog-popup.js
www.praetorian.com/wp-content/themes/studio-simpatico/js/
441 B
738 B
Script
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/js/blog-popup.js?ver=1695319253
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
f1a0d0694a41fb7dd9990aa51d8980b09d95fa89b0ddd913e30522bc88ccb442
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:53 GMT
server
nginx
etag
W/"650c84d5-1b9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
slick.min.js
www.praetorian.com/wp-content/themes/studio-simpatico/js/
42 KB
11 KB
Script
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/js/slick.min.js?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:53 GMT
server
nginx
etag
W/"650c84d5-a76f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
script.js
www.praetorian.com/wp-content/themes/studio-simpatico/js/
18 KB
6 KB
Script
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/js/script.js?ver=6.4.2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
f356132e6b9867717ed63d631f7fd44dbb95abd7f2dcbb9775fb93e69e40550f
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Tue, 21 Nov 2023 16:13:28 GMT
server
nginx
etag
W/"655cd728-4840"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:599a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.praetorian.com/
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
x-amz-version-id
JAkD5shSwdxe4gNEROP8R.wQbdFvcCSE
via
1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
605aa189-5a0e-4701-90ad-303e530a17e3
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.451/bundles/project.js&cfRay=84d336145f681d86-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
605aa189-5a0e-4701-90ad-303e530a17e3
last-modified
Wed, 03 Jan 2024 09:59:36 UTC
server
cloudflare
etag
W/"dc52d8d37d1323196ca91b50795df6c4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-b77s7
cf-ray
84d336145f681d86-FRA
x-amz-cf-id
z7_CI_EroSm5iHaT-947FT9zFOmJNLK7ke8czvNc5X7MybAFHNpOag==
x-hs-target-asset
collected-forms-embed-js/static-1.451/bundles/project.js
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e5a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91d1bde942744d48fec9019c7b87b351f7a165e544d59fcbb4e43f3309be4ab9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
x-amz-version-id
gvApL1OxjF_N9vv.KngIIs22vbExO7Ym
via
1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
32
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.514/bundles/pixels-release.js&cfRay=84d3354b789a1959-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
79ca2781-83eb-4b7f-97a1-be4b2d45d8a4
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
79ca2781-83eb-4b7f-97a1-be4b2d45d8a4
last-modified
Tue, 23 Jan 2024 14:51:49 UTC
server
cloudflare
etag
W/"67b4606337c5c72b80dacfb036530227"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-lqtcn
cf-ray
84d336146f9e380a-FRA
x-amz-cf-id
N_gpYipE1rEJLMQUktxqeiXPgF1cYH1Gze-uEP55uon4TOMhQOnpHA==
x-hs-target-asset
adsscriptloaderstatic/static-1.514/bundles/pixels-release.js
banner.js
js.hs-banner.com/v2/22265125/
65 KB
21 KB
Script
General
Full URL
https://js.hs-banner.com/v2/22265125/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5001e38ec654af719bbdaa5d1be3ad974c35cbc3a98c8a8c62d68358a2b55483

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
x-amz-version-id
7G8g2iCj_RVy0_66LcCNkR6BkBJAabjA
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
3K7MKX44T0YF88A8
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
acb3b625-452e-4184-abf5-9cd4ace43fa0
x-envoy-upstream-service-time
60
x-amz-id-2
dZEV9Yf6e7fh8i0LEpypY1ZghQz4nb3miQ25Ir3dCARIWb8AD3EK8LVkDkbTyE7XB37t8+OZiCQ=
x-evy-trace-listener
listener_https
x-request-id
acb3b625-452e-4184-abf5-9cd4ace43fa0
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 11 Jan 2024 23:20:58 GMT
server
cloudflare
etag
W/"ef43025db00e13c84390eb361084ea96"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.praetorian.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-z8lck
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
84d336145b281e6a-FRA
expires
Mon, 29 Jan 2024 17:36:52 GMT
22265125.js
js.hs-analytics.net/analytics/1706549400000/
66 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1706549400000/22265125.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4eba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69a0d01bc23be63dc8c11d606633052b5c1a444ecb626a9a6b49669d7570ebe7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
M47F7K35RCYEWFVZ
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
32958c08-50f8-4d64-a954-c2dcc6af7c45
x-envoy-upstream-service-time
25
x-amz-id-2
+hMO01GB8gXDgzoeuM4sbDmVSLTRRczBxnI0qPf94mZGs0tmfz1jB4/SUT6X0BTo5XzRRj1fwxo=
x-evy-trace-listener
listener_https
x-request-id
32958c08-50f8-4d64-a954-c2dcc6af7c45
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 03 Jan 2024 17:04:32 GMT
server
cloudflare
etag
W/"f65867d2b3ded9d6f0cdaf965a9c99ea"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-4t4jr
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
84d336147a919b67-FRA
expires
Mon, 29 Jan 2024 17:36:52 GMT
conversations-embed.js
js.usemessages.com/
85 KB
24 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:fba8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37f02346ff32981bfd84b583b897bb86929cd0766f3be6edb7955b0cbb6a4486
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
x-amz-version-id
Z_NdX.Tfh0BDuVC8GbJSkntuE8i.GL_I
via
1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
550
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.15266/bundles/project.js&cfRay=84d328a75aae2bbc-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
f6af6456-7ef1-46f7-a870-7160b10d6b8d
cache-tag
staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f6af6456-7ef1-46f7-a870-7160b10d6b8d
last-modified
Fri, 26 Jan 2024 14:19:32 UTC
server
cloudflare
etag
W/"3c966aa247d07af07df5431d0d68e3ac"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-r6fcc
cf-ray
84d336146b162be4-FRA
x-amz-cf-id
L_0ZpkfVp9asjvYVl9mdxN8BPw27XXh7qEJAQQIAmVIdHrTINSUv3A==
x-hs-target-asset
conversations-embed/static-1.15266/bundles/project.js
p.css
p.typekit.net/
5 B
172 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=yng4pbv&ht=tk&f=26911.26913.34691.34692.34693.34697.34701.36466.36470.36471.36473&a=23300812&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::210:a469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
last-modified
Fri, 23 Jun 2023 17:09:47 GMT
server
nginx
etag
"6495d1db-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
hotjar-2358062.js
static.hotjar.com/c/
0
431 B
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2358062.js?sv=5
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-53.vie50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
date
Mon, 29 Jan 2024 17:31:52 GMT
x-content-type-options
nosniff
via
1.1 437caaa82b2f94aeac2747f293235378.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
etag
W/d41d8cd98f00b204e9800998ecf8427e
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
content-length
0
x-amz-cf-id
kvIKWAB0v-S1La4O-bOVPz3xpX0brvmuaXwgUNLODc5Hhvtv4hQ6Ow==
nav-active.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/
1 KB
1023 B
Image
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/nav-active.svg
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
6a980933b39409d97cd947dd6dc1837de2e49e87c7d9903122adb293cc8404cf
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:37 GMT
server
nginx
etag
W/"650c84c5-41e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
l
use.typekit.net/af/e40556/00000000000000007735adbc/30/
44 KB
45 KB
Font
General
Full URL
https://use.typekit.net/af/e40556/00000000000000007735adbc/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a60e4a6f8b89cbd1debcd7f90a0e60099a7caa9490a3c5305b18cb094c53dd4b

Request headers

Referer
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
server
nginx
etag
"f3cafd088bc07c2d3ded8cc91e0729be713189cf"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
45396
l
use.typekit.net/af/5a2c6f/00000000000000003b9ad13c/27/
21 KB
21 KB
Font
General
Full URL
https://use.typekit.net/af/5a2c6f/00000000000000003b9ad13c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
878130b86e81304bd9d8afd8a8c5bc6c2d03194a3917e5bab3ddfa9eb3a07cb3

Request headers

Referer
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
server
nginx
etag
"22cae4f69d39ee6531cf5c3445fc374f7c7869cc"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
21636
l
use.typekit.net/af/3f03c1/00000000000000003b9ad13e/27/
21 KB
21 KB
Font
General
Full URL
https://use.typekit.net/af/3f03c1/00000000000000003b9ad13e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b475b2648fbcf6b9f1535198a5f52c11dc0bb9ed88bbf93d39eb1be9a391edc4

Request headers

Referer
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
server
nginx
etag
"1a48bcc440a68538029c6482155125eab9fb73c6"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
21352
l
use.typekit.net/af/7c9acc/00000000000000007735adc8/30/
44 KB
44 KB
Font
General
Full URL
https://use.typekit.net/af/7c9acc/00000000000000007735adc8/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b084305ba75c61a6309a9dec021937b5d7674640f9017527dda68bf72312e882

Request headers

Referer
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
server
nginx
etag
"16adcf7e4da5d53f928f7fcda315b413887cac41"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
45284
l
use.typekit.net/af/09940c/00000000000000007735a996/30/
26 KB
26 KB
Font
General
Full URL
https://use.typekit.net/af/09940c/00000000000000007735a996/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
417debb36c2433e8aac621b9b88cef9aee936879ee30051b8724b606bcc84fd9

Request headers

Referer
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
server
nginx
etag
"accde79d00f44e34fcec986689bcda82817c4a98"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
26132
l
use.typekit.net/af/3f8415/00000000000000007735a9bb/30/
25 KB
26 KB
Font
General
Full URL
https://use.typekit.net/af/3f8415/00000000000000007735a9bb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
97c93526e3f8fe46ecf144bbe83442d7e0d6458021d47039b7db77b32918f530

Request headers

Referer
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
server
nginx
etag
"8cb803a20ad97d966652b2c079d44eb6f5146fdd"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
25940
json
forms.hsforms.com/embed/v3/form/22265125/5e57e01a-cf69-4eaa-85b5-696d7fc41105/
7 KB
3 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/22265125/5e57e01a-cf69-4eaa-85b5-696d7fc41105/json?hs_static_app=forms-embed&hs_static_app_version=1.4595&X-HubSpot-Static-App-Info=forms-embed-1.4595
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
285e10e0a94f24d7d077030fe375db6a4228a2c26f48f4fc35364106ffee4a0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.praetorian.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

X-Origin-Hublet
na1
Date
Mon, 29 Jan 2024 17:31:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
c7f78137-336f-4485-b3d5-ffc4e2c7f6fa
Transfer-Encoding
chunked
x-envoy-upstream-service-time
20
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c7f78137-336f-4485-b3d5-ffc4e2c7f6fa
Server
cloudflare
X-Trace
2BFCB1A12804D4BE2A62F1AAC67C95EE5DCC85CF3B000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.praetorian.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
84d33614aeed3a64-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-6g6zx
insight.min.js
snap.licdn.com/li.lms-analytics/
43 KB
16 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:29fa Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 23 Jan 2024 14:42:29 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=32983
accept-ranges
bytes
content-length
15732
btn-arrow.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/
2 KB
1 KB
Image
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-arrow.svg
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
1b52c6a2e51fe8d9a185649b9b7cffb2c1862ec60cf612070432c1ac4109c06e
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:37 GMT
server
nginx
etag
W/"650c84c5-7f2"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
watermark-logo-thin.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/
10 KB
5 KB
Image
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/watermark-logo-thin.svg
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
1f23f74bd4bda9fc5092ba34675f43d4acf2e635010a21effeaca79d7ea5d458
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 19:28:51 GMT
server
nginx
etag
W/"650c9973-2691"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
hexagon-plain.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/
902 B
957 B
Image
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/hexagon-plain.svg
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
f7085b8cb031174e44bfff6d7a12f931bf5948b9cb9d6997814dc7812464fce7
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:37 GMT
server
nginx
etag
W/"650c84c5-386"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
watermark-footer.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/
6 KB
3 KB
Image
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/watermark-footer.svg
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
202f0d4e1127ce8b1a3029ac6724c6c081d5b7936b0c81ea3f42862618fc22c6
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:37 GMT
server
nginx
etag
W/"650c84c5-16ff"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
l
use.typekit.net/af/8c6bd4/00000000000000007735add4/30/
41 KB
41 KB
Font
General
Full URL
https://use.typekit.net/af/8c6bd4/00000000000000007735add4/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a11 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
002e2233a375926192bdceada5c2ee2deee23ad3b7a8610622807a383fa3a2b9

Request headers

Referer
https://use.typekit.net/yng4pbv.css?ver=6.4.2
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
server
nginx
etag
"19a8e44e9a79f0d1a802216078014a3a985d3ce8"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
41840
js
www.googletagmanager.com/gtag/
247 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fbde199c03a26267f23ebc20239d6dd8df87115a0844d9220cdaa0f32775e7ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
86945
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 29 Jan 2024 17:31:52 GMT
hotjar-2851712.js
static.hotjar.com/c/
10 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2851712.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-53.vie50.r.cloudfront.net
Software
/
Resource Hash
6ac61b38d8d2e0069b0f29e700592555a46ece07a22c8d564e2d8edc1a37790f
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Mon, 29 Jan 2024 17:31:52 GMT
via
1.1 437caaa82b2f94aeac2747f293235378.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
etag
W/1fa4b508cd12df4e44958410dcdfb528
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
5i_lglFfaLPAer1n4xjZI2hsehiX19zFw8QK_J056vfKP8NoS_eq6w==
pixel.js
grow.clearbitjs.com/api/
100 B
348 B
Script
General
Full URL
https://grow.clearbitjs.com/api/pixel.js?v=1706549512479
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.24.57.3 , United States, ASN397273 (RENDER, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c4bdad53042e2bd6e5a231bfcd66d19dc33f507edc2b847ff3c58aca74ff138
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
server
cloudflare
rndr-id
39f4a315-3bae-4836
x-render-origin-server
Render
vary
Accept-Encoding
content-type
text/javascript
cf-ray
84d33615b99d6ae6-FRA
alt-svc
h3=":443"; ma=86400
tags.js
tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/
0
0
Script
General
Full URL
https://tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/tags.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:a600:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Clearbit /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 4ee178becf6bd81a5ce90c64ae0621b4.cloudfront.net (CloudFront)
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
ZRH50-C1
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
x-amz-cf-id
LAIhPyFdLklPGjCVgL41OalLS-bxAScqqqu4LYE7rcJMrYc_NJVK_w==
tag.aspx
ml314.com/
31 KB
10 KB
Script
General
Full URL
https://ml314.com/tag.aspx?290
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2fe03efc1e879c2c5bd27bf86f71ad3790b0d6765498480f4c8071fa7f59051

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:28:29 GMT
via
1.1 google
content-encoding
br
age
203
x-guploader-uploadid
ABPtcPoesIVjA2Ehb0UD6hcHhJkdZ_zUh0OnM1pyZ5doyvcvyxxnk-lOh7vQh8pjEqLUII00p54
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10218
last-modified
Mon, 18 Dec 2023 20:13:43 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-hash
crc32c=P2fgBQ==, md5=IwpC9BBrIFbFRmT73giztw==
x-goog-generation
1702930423872068
content-language
en
content-type
application/javascript
cache-control
public,max-age=3600
x-cache-hit
hit
x-goog-stored-content-length
32241
accept-ranges
bytes
cache-id
FRA-fa985ced
js
www.googletagmanager.com/gtag/
283 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FCP1DZPL64&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e8092b9e55c92d441a55d7e7fd2332ffecf95a74662e2fa93fa733134e29c3d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96087
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 29 Jan 2024 17:31:52 GMT
collect
region1.google-analytics.com/g/
0
247 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FCP1DZPL64&gtm=45je41o0v9105375649&_p=1706549511332&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=184895320.1706549513&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1706549512&sct=1&seg=0&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&dt=Man-in-the-Middle%20TLS%20Protocol%20Downgrade%20Attack%20-&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1840
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FCP1DZPL64
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.praetorian.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules.f7c079ad889f2e18ab73.js
script.hotjar.com/
219 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.f7c079ad889f2e18ab73.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2851712.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
5a3879074dea690800b8491c5a894a41e2d5ca26d4af8b7972b2076e85e18dbe
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 09:47:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
27886
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55790
last-modified
Mon, 29 Jan 2024 09:46:56 GMT
etag
"db54b22d4ad9637410bc29bc2f380fee"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
v_fezUdtWGFRK-58Q8hV8oYCm3H45GdSvZVnIVvlnlbH73YmErBMNg==
public
api.hubspot.com/livechat-public/v1/message/ Frame
0
0
Preflight
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=22265125&conversations-embed=static-1.15266&mobile=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&traceId=3e6c71c262ae4be398b35eff8e9a9c00
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
x-hubspot-messages-uri
Access-Control-Request-Method
GET
Origin
https://www.praetorian.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.praetorian.com
allow
HEAD,GET,OPTIONS
cf-cache-status
DYNAMIC
cf-ray
84d33615bc543a4a-FRA
content-length
18
content-type
text/plain; charset=utf-8
date
Mon, 29 Jan 2024 17:31:52 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5NSW0ZKepG4KCzfwwt0ThJFQS587tR5P5i%2FyIvGydwmwsyRxdqM0p2Tf9f2I8oQhuusbKxN4HpPIxro3rmg8uvIcMkEtx6GMULZWVJcm3%2FRnaehWFT6PfQvt7zwy2MLZPSW65cL008GBhYaUA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
5
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-8jdch
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
4cdd3cf5-ee11-46ec-a4b0-918670e93eb3
x-request-id
4cdd3cf5-ee11-46ec-a4b0-918670e93eb3
x-trace
2BAAC9CAC9B7AD03734166CAF7E0188AF0B617A9DF000000000000000000
public
api.hubspot.com/livechat-public/v1/message/
3 KB
2 KB
XHR
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=22265125&conversations-embed=static-1.15266&mobile=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&traceId=3e6c71c262ae4be398b35eff8e9a9c00
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae3a6e90a3589b2bbf302b77b189521eddfd2b9c3afa930fd4c27ecffb9c7e7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.praetorian.com/
accept-language
de-DE,de;q=0.9
X-HubSpot-Messages-Uri
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
91256a7a-67cf-4e02-a407-968e7d9948d5
x-envoy-upstream-service-time
103
content-length
1448
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
91256a7a-67cf-4e02-a407-968e7d9948d5
server
cloudflare
x-trace
2B2C44CD1A74553A8D13E67C635C4A8D836AEE632C000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.praetorian.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-7mph6
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RT%2BMH36i9%2BhFWTqiJA8yMpCgrre7rD2nENf03Uz8nGWFJKbgUa%2FRlB3C5HRBXq3N4RFcRNkJgqA8VHnlG2yXDxSFjPaeWyLoEUdx9qw2HwQB0jT4zH6VWyMXMk2nL8Tci%2BiU1O84urrN36ILyg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
84d33616ad783a4a-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
180 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=22265125
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb017b11346c44f8c491900723c7095f74223487be55b56751064e8cc0034654
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4c69dcc6-41e6-4369-a323-2224762a7590
content-encoding
br
x-envoy-upstream-service-time
5
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4c69dcc6-41e6-4369-a323-2224762a7590
server
cloudflare
x-trace
2BD211DDAC38E8E74458652CC85FC2A33E91F90478000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.praetorian.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-x7v7r
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eVP4gdiVA%2F65bIVHjso8qUuzfDTxh1xbuRPGi7s7jiEpwiqV2tEu9jT4hpuztkDgGQSw8r5D7q3AI2vcfHsYvmdp%2FdSvM%2FrdnsZUYEZpX5XmKNcwGx2lo07JhtmbzaG0L1VrRWAxVNdT3AeO"}],"group":"cf-nel","max_age":604800}
cf-ray
84d33615dd983673-FRA
access-control-allow-headers
*
json
forms.hscollectedforms.net/collected-forms/v1/config/
116 B
435 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=22265125&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:599a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e0d70fc8d72adca6ac200b5c41dd5c4de7c928eb236734944ab1674aef2b7ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.praetorian.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d430bcfc-ffa6-4322-ab9c-aab015c7497a
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d430bcfc-ffa6-4322-ab9c-aab015c7497a
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.praetorian.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-68k69
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
84d33615b9781d86-FRA
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-WG4YYDQ1NH&gtm=45je41o0v888757690z8859579073&_p=1706549511332&_gaz=1&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&cid=184895320.1706549513&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1706549512&sct=1&seg=0&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&dt=Man-in-the-Middle%20TLS%20Protocol%20Downgrade%20Attack%20-&en=page_view&_fv=1&_ss=1&up.ClearbitTrafficType=Non-Company&up.ClearbitCompanyName=Non-Company&up.ClearbitCompanyDomain=Non-Company&up.ClearbitIndustry=Non-Company&up.ClearbitHQCountry=Non-Company&up.ClearbitHQState=Non-Company&up.ClearbitHQCity=Non-Company&up.ClearbitEmployeeRange=Non-Company&up.ClearbitEstimatedRevenueRange=Non-Company&tfd=1932
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.praetorian.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
256 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WG4YYDQ1NH&cid=184895320.1706549513&gtm=45je41o0v888757690z8859579073&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.praetorian.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WG4YYDQ1NH&cid=184895320.1706549513&gtm=45je41o0v888757690z8859579073&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&z=623834252
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
625 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
503ae1f1-bd53-40cd-a05f-f3cc606013e4
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
503ae1f1-bd53-40cd-a05f-f3cc606013e4
server
cloudflare
x-trace
2B469119802F6A0AF0E263B0C853B8A9560940FAAC000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-khjkj
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
84d336162b409bee-FRA
btn-fill-edge.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/
475 B
773 B
Image
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-fill-edge.svg
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
1fb7c0840941cfb0c984be505c08b3adcf60131a957cce45f91726017c771fa5
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:37 GMT
server
nginx
etag
W/"650c84c5-1db"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
btn-fill-edge-rotated.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/
480 B
781 B
Image
General
Full URL
https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-fill-edge-rotated.svg
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
146.148.61.165 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
165.61.148.146.bc.googleusercontent.com
Software
nginx /
Resource Hash
3207a467556090b6d0107d8a636d62b8b65786050b543a71b11b95c2a46ccc59
Security Headers
Name Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/wp-content/themes/studio-simpatico/style.css?ver=6.4.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-security-policy
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
content-encoding
br
last-modified
Thu, 21 Sep 2023 18:00:37 GMT
server
nginx
etag
W/"650c84c5-1e0"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3767322%26time%3D1706549512662%26url%3Dhttps%253A%252F%252Fwww.praetorian.com%252...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true&l...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true&...
0
267 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true&liSync=true&e_ipv6=AQIoYzZOuVctowAAAY1WRwvhlPAD9gUMB7q7Ug1tApzzC-ISAQfXSGDPLk55R7DEQ37irH35ttK-
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 7DCE029E08164D34BCAD38266598BB43 Ref B: DUS30EDGE0819 Ref C: 2024-01-29T17:31:53Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYQGQWKmGMn6NMPt+msMw==

Redirect headers

date
Mon, 29 Jan 2024 17:31:52 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 424124AE4A004B95864F8ABC6541349A Ref B: FRAEDGE1316 Ref C: 2024-01-29T17:31:53Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1706549512662&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&cookiesTest=true&liSync=true&e_ipv6=AQIoYzZOuVctowAAAY1WRwvhlPAD9gUMB7q7Ug1tApzzC-ISAQfXSGDPLk55R7DEQ37irH35ttK-
x-li-proto
http/2
content-length
0
x-li-uuid
AAYQGQWGTP4PrzsmNz7ZCg==
utsync.ashx
ml314.com/
62 B
254 B
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=89211&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&pv=1706549512666_txek5o0b6&bl=en-us&cb=5238759&return=&ht=&d=&dc=&si=1706549512666_txek5o0b6&cid=&s=1600x1200&rp=&v=2.5.5.72
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?290
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:52 GMT
via
1.1 google, 1.1 google
server
Google Frontend
content-type
application/javascript
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Mon, 29 Jan 2024 17:31:52 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
8acd0943-277e-4d9e-9573-62eab7beb6db
x-envoy-upstream-service-time
3
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8acd0943-277e-4d9e-9573-62eab7beb6db
Server
cloudflare
X-Trace
2B2ABAD803F63A39C4D6B90274D36A6680A0D50162000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-lg25h
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
84d336169e22362d-FRA
preact-incoming-feedback.4e686ac6c9864bf9dc40.js
script.hotjar.com/
190 KB
42 KB
Script
General
Full URL
https://script.hotjar.com/preact-incoming-feedback.4e686ac6c9864bf9dc40.js
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f7c079ad889f2e18ab73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
74fd0df5905ac9bf5a26829615fe4cac7a71e5b3be36facfa70206b54d5a25f5
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 26 Jan 2024 14:07:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
271485
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
42878
last-modified
Fri, 26 Jan 2024 14:06:48 GMT
etag
"c456929624c998b16d29c019d8d5554c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
nwvET4yc1lQK3ctcsoq11rzo6ZcWQeCgAoT8DqKtNugdkOTku_S6Ww==
browser-perf.8417c6bba72228fa2e29.js
script.hotjar.com/
5 KB
2 KB
Script
General
Full URL
https://script.hotjar.com/browser-perf.8417c6bba72228fa2e29.js
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f7c079ad889f2e18ab73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
70712c8650feecc46403b5801b9d5b72d5b2d6ba1d1cf0317e105603982321bf
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 14:32:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
442785
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1782
last-modified
Wed, 24 Jan 2024 14:31:37 GMT
etag
"b83b61bc5871e9a23a0434e2c539f4f3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
M6nJoGqOySZhNh_lPuXmHtwuDI_0MOZkduVRa0AhOVjUq2kUPsFIxQ==
/
content.hotjar.io/
56 B
161 B
XHR
General
Full URL
https://content.hotjar.io/?gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f7c079ad889f2e18ab73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.246.35.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-35-15.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
86f8da31049731d0addb1bf2f2c99f46d447f52b89a0c1f7798de0c25afebb99

Request headers

Referer
https://www.praetorian.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Mon, 29 Jan 2024 17:31:53 GMT
content-length
56
vary
Origin
content-type
application/json
counters.gif
forms.hsforms.com/embed/v3/
35 B
590 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
03309853-22a8-43be-b2be-61fbf20ad420
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
03309853-22a8-43be-b2be-61fbf20ad420
server
cloudflare
x-trace
2B72405F9E43E444A3F76BCD6449FD64995F400905000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-2rdnx
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
84d33616ec529bee-FRA
js
www.googletagmanager.com/gtag/
205 KB
73 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-973478582
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a04e93b6a31a2ce97f4a9300c75dcaff18147ee6e9a0d615ea5605d2a7d1f640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75078
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 17:09:52 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 29 Jan 2024 17:31:52 GMT
js
www.googletagmanager.com/gtag/
205 KB
73 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-973478582&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7e4579044a70db00d0e82ba21c0878cac31f9d541f03144a2d45914b42cf81de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75092
x-xss-protection
0
last-modified
Mon, 29 Jan 2024 17:09:52 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 29 Jan 2024 17:31:52 GMT
/
px.ads.linkedin.com/wa/
0
620 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.praetorian.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 29 Jan 2024 17:31:52 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 3A83D20F9A304449B74C1B3533E80424 Ref B: FRAEDGE1316 Ref C: 2024-01-29T17:31:52Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
access-control-allow-origin
https://www.praetorian.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYQGQWB1KLx9IGPdiG/Wg==
font-hotjar_5.65042d.woff2
script.hotjar.com/
2 KB
3 KB
Font
General
Full URL
https://script.hotjar.com/font-hotjar_5.65042d.woff2
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.praetorian.com/
Origin
https://www.praetorian.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 23:49:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
12937352
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Fri, 01 Sep 2023 09:38:54 GMT
etag
"c9fb9163f8b7be37023ebe649688bebf"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
x-robots-tag
none
x-amz-cf-id
gQRL-WGO04XoPAJDaLVN9u1SWeSznfM4eJe_ivtFIaneNCOLWyjtQQ==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/973478582/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973478582/?random=1706549512866&cv=11&fst=1706549512866&bg=ffffff&guid=ON&async=1&gtm=45be41o0v879006520&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&hn=www.googleadservices.com&frm=0&tiba=Man-in-the-Middle%20TLS%20Protocol%20Downgrade%20Attack%20-&did=dZTNiMT%2CdZTQ1Zm&gdid=dZTNiMT.dZTQ1Zm&pscdl=noapi&auid=450136987.1706549512&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-973478582&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7dec1db4f85a07c7c09ad084a2ea6be163455501af799cc6d63689e3db12592
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1311
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/973478582/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/973478582/?random=1706549512866&cv=11&fst=1706547600000&bg=ffffff&guid=ON&async=1&gtm=45be41o0v879006520&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&frm=0&tiba=Man-in-the-Middle%20TLS%20Protocol%20Downgrade%20Attack%20-&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_RoPxp9tv8KhqtT1kLLzdODsfchvhTQ&random=535979504&rmt_tld=0&ipr=y
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/973478582/
42 B
154 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/973478582/?random=1706549512866&cv=11&fst=1706547600000&bg=ffffff&guid=ON&async=1&gtm=45be41o0v879006520&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&frm=0&tiba=Man-in-the-Middle%20TLS%20Protocol%20Downgrade%20Attack%20-&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_RoPxp9tv8KhqtT1kLLzdODsfchvhTQ&random=535979504&rmt_tld=1&ipr=y
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
3e6c71c262ae4be398b35eff8e9a9c00
app.hubspot.com/conversations-visitor/22265125/threads/utk/ Frame 85EC
53 KB
20 KB
Document
General
Full URL
https://app.hubspot.com/conversations-visitor/22265125/threads/utk/3e6c71c262ae4be398b35eff8e9a9c00?uuid=8f64a6442e4b41f7a3fa19b366b76485&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b30c526d6302c3791d908a45a1e3d9081b5979afb3b240f3597952d8baa872d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

Referer
https://www.praetorian.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
age
3054
cache-control
max-age=600
cache-tag
staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status
DYNAMIC
cf-ray
84d33618ab430482-FRA
content-encoding
br
content-security-policy-report-only
script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.17719/html/index.html&cfRay=84d33618ab430482&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F22265125%2Fthreads%2Futk%2F3e6c71c262ae4be398b35eff8e9a9c00%3Fuuid%3D8f64a6442e4b41f7a3fa19b366b76485%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dpraetorian.com%26inApp53%3Dfalse%26messagesUtk%3D3e6c71c262ae4be398b35eff8e9a9c00%26url%3Dhttps%253A%252F%252Fwww.praetorian.com%252Fblog%252Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fwww.praetorian.com%2F&cfenv=prod&pdt=2024-01-29&csp=ro
content-type
text/html; charset=utf-8
date
Mon, 29 Jan 2024 17:31:53 GMT
etag
W/"7c40c1460a2b527dfdfefa96bce190d6"
last-modified
Fri, 26 Jan 2024 14:19:32 UTC
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=84d33618ab430482&resource=conversations-visitor-ui/static-1.17719/html/index.html"
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin, Accept-Encoding
via
1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
x-amz-cf-id
UVI76X8mfuDTH2odJhBTlFWrvngJUQ15rv_mnBJlAZJHpUrUDVGaoA==
x-amz-cf-pop
IAD12-P3
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
YP6Dcu3CK8AZwZUV4AcaLmQWEo2MsaHf
x-cache
Hit from cloudfront
x-content-type-options
no-sniff
x-envoy-upstream-service-time
6
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-b77s7
x-evy-trace-virtual-host
all
x-hs-cache-status
MISS
x-hs-target-asset
conversations-visitor-ui/static-1.17719/html/index.html
x-hs-worker-debug-mode
false
x-hubspot-correlation-id
9c1b872d-6549-4257-a588-363690a1703b
x-request-id
9c1b872d-6549-4257-a588-363690a1703b
bundle.production.js
static.hsappstatic.net/head-dlb/static-1.368/ Frame 85EC
44 KB
17 KB
Script
General
Full URL
https://static.hsappstatic.net/head-dlb/static-1.368/bundle.production.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/3e6c71c262ae4be398b35eff8e9a9c00?uuid=8f64a6442e4b41f7a3fa19b366b76485&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
x-amz-version-id
wWLMJ6qW0lXJfco2m026CzodYMop32jV
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
574944
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84d3361a7ffdbbbf-FRA
last-modified
Tue, 11 Jul 2023 18:31:41 GMT
server
cloudflare
etag
W/"63ec2a77119dfb2ddcae56ab3a029230"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=33syHo3UKbWbvEzJYjb1D%2Fe5fstTec2s7Ft1JiL4GNtd2ttdkM6ek9E0zw05FNTXMvv7XvQzoxJEuoEX7wptFznL7fRk%2FPXTSU6ZG19jovEGCcvV0Ra9%2BFRtLz75wKsSNi1ZZ0BOUPN2g3kvdkADPJYyQq8%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84d3361a7ffdbbbf-FRA
x-amz-cf-id
DxkNEZjKUayxU8InGhLoy_8jikxFe9XhMqmBtrY_dRlz6ySp8JmDdg==
expires
Tue, 28 Jan 2025 17:31:53 GMT
visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/ Frame 85EC
19 KB
4 KB
Stylesheet
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/visitor.css
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/3e6c71c262ae4be398b35eff8e9a9c00?uuid=8f64a6442e4b41f7a3fa19b366b76485&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
405767448d618a7a326a509bf3c8484414ddf0f9518dad53f90794e7796bdde8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.hubspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
x-amz-version-id
8JK3Qs8SBE2zTXCiSEFRAiP414rxQpaa
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
388888
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84d3361a7c169b25-FRA
last-modified
Thu, 02 Nov 2023 14:28:10 GMT
server
cloudflare
etag
W/"686ebda4c47b0bdb5d9460221c8036d1"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EqFhKAGr%2F70g8QSnSTq5uyiH%2BrKEMrquW3C39D3UM1GOqjZkUFh0fy%2B9LqAI6egQpX790UqVGlbq87hYEtYK1sH6QvxzMCLC6pdKctt%2BaK8IfY7lNxH1qj22bJxE4l68wc0ni%2Bct9QdEWwfHLb6OEOIYYDE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84d3361a7c169b25-FRA
x-amz-cf-id
rQ-CaUX9M0avD0Zi5agO-7P-7PkSor51bhSD_PRmZ481KdBcPvdijA==
expires
Tue, 28 Jan 2025 17:31:53 GMT
bundle.production.js
static.hsappstatic.net/hubspot-dlb/static-1.522/ Frame 85EC
295 KB
94 KB
Script
General
Full URL
https://static.hsappstatic.net/hubspot-dlb/static-1.522/bundle.production.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/3e6c71c262ae4be398b35eff8e9a9c00?uuid=8f64a6442e4b41f7a3fa19b366b76485&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59f6d8db6a6b4d9aa01991c751c30e4b6aef7a4197da21be7e61a41448c5ae69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
x-amz-version-id
rKh51R63oxz5N3dfuB2VkIuksUjUA_yy
via
1.1 debf5a1694fcb96cc13d895660321eda.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
1649532
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84d3361a7800bbbf-FRA
last-modified
Mon, 08 Jan 2024 19:59:33 GMT
server
cloudflare
etag
W/"7625f1a8376f1cb513c308136c837d2d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsEivuIW9Cs%2BZrNfEOYfItQyY%2BcXbC8dfQElIG5SNJYr3ebmq9uAI8cKQoxD9Im0mksb6CILwG9oeVIzUmqEU%2B62A5o5H3E9FjPSeiUWjBVGImWggY079hMZ96Gz1ibIr3paAOBaB8pGDV%2FGT5gaqmDLEvE%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84d3361a7800bbbf-FRA
x-amz-cf-id
W_DA70Nr4C5RIbr0shoMZXnTFftkHS_8xzg3RsyKzac0_4-eIx_LnA==
expires
Tue, 28 Jan 2025 17:31:53 GMT
visitor.js
static.hsappstatic.net/conversations-visitor-ui/static-1.17719/bundles/ Frame 85EC
643 KB
190 KB
Script
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.17719/bundles/visitor.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/22265125/threads/utk/3e6c71c262ae4be398b35eff8e9a9c00?uuid=8f64a6442e4b41f7a3fa19b366b76485&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
136102a05a410bcead0fcad06ca6c315376d0e6a493675edd10f4e747f494eeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
x-amz-version-id
_NjYyULIAAHJ6AAoAvHescExBYgmfA5G
via
1.1 a66afeef05dba31abba2c6cbc2eaa73c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
AMS58-P5
age
270731
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84d3361a7ffcbbbf-FRA
last-modified
Thu, 25 Jan 2024 18:54:45 GMT
server
cloudflare
etag
W/"ba9f1daf6286f76b8539a9e1bd318dcc"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lvKXQeJdXioNdCwPLf5DQwpjFGq4ivIBOMWpyg6Dzr5ZFw5receMlCn5NouYhgiSNOq6RPwjtz4O%2BOQFjjSTzgoWWr3%2FSGZwu4uBOOwzTjW3ERsVYZnYmIQpcjuZQRsrB17Vf00cFBbOVmiqcbjr8Ti1Yk%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84d3361a7ffcbbbf-FRA
x-amz-cf-id
pzTrQ-VVuBFNY2BjfI0w2_SaMWy89KUCtiqN_XiP0Xr0V2dNAOyqYQ==
expires
Tue, 28 Jan 2025 17:31:53 GMT
i18n-data-data-locales-en-us.js
static.hsappstatic.net/conversations-visitor-ui/static-1.17636/ Frame 85EC
841 B
1 KB
Script
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.17636/i18n-data-data-locales-en-us.js
Requested by
Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.17719/bundles/visitor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
631f23436af8fe9e571e1e531b5fd6ab376dfd49541663db9c7d580c557e9bcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
x-amz-version-id
573dfp2NqS6Vz._7ajEh3xf8bEynLLyM
via
1.1 2aefdd231d9806ea2eced3399f411f80.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
ZRH55-P1
age
532920
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84d3361b993cbbbf-FRA
last-modified
Wed, 17 Jan 2024 17:47:48 GMT
server
cloudflare
etag
W/"7c1a5625e964f0048674357f4aaf42d5"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0OpblmC1G9ikLlQtNWP0minBiNfBP7uljpLI%2BgdloujrbCFTKXMz4eIsWHLC%2FlZ5veADgwKrbyYmTaJ3Q4ATdAa8vBIRINTnsDPmYIyH%2Fjk4uU0OyioFXBQi%2FY5lMk3regtxaFpTEdJnkJvkuP7DzNILaU%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84d3361b993cbbbf-FRA
x-amz-cf-id
_IWi4CVAsyfYPMBQtyD982E0gW8qxtF_s4i9OyQjCDB7PB0DatIPFg==
expires
Tue, 28 Jan 2025 17:31:53 GMT
zi-tag.js
js.zi-scripts.com/
8 KB
3 KB
Script
General
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.praetorian.com
URL: https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
x-amz-version-id
lFoq_FZJwJ3rDVe9.7kNMZjc5YKK6r5L
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Mon, 11 Dec 2023 12:17:02 GMT
server
cloudflare
via
1.1 077f087379cd5651868a7502cf7c3876.cloudfront.net (CloudFront)
x-amz-cf-pop
BAH53-C1
etag
W/"15c02cdee0df6c26ba3d8c62d912c66c"
age
48970
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cf-ray
84d3361c5b322685-TXL
x-amz-cf-id
Rl-6HAY0fe_Pg9QjSqEWVqr8ucGlWmTMRgAoNf2Xm5-f69iQhPpp2A==
__ptq.gif
track.hubspot.com/
45 B
709 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3725600676&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&t=Man-in-the-Middle+TLS+Protocol+Downgrade+Attack+-&cts=1706549513578&vi=cca820b0fe6109edb2180dfe3af83709&nc=true&u=185921974.cca820b0fe6109edb2180dfe3af83709.1706549513575.1706549513575.1706549513575.1&b=185921974.1.1706549513576&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c15dffa3-231f-49d1-a59f-7553337fdbe1
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
11
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c15dffa3-231f-49d1-a59f-7553337fdbe1
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgnmAcs%2BNa796Yk6U27hF9JotwmFbv85%2BAtfOGz4vQ9mOYxODbhQCx6%2BN8hVq57YhPvAe5C4mYxx1rmT%2FlP4I2CA7oHZ8ww06OBhs3mGldntD%2BR3MpNbW1Opg9G4UI22euZJHvRP8VGv77inhpcH"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-865d96945d-vxndb
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
84d3361bff800482-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
707 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=5e57e01a-cf69-4eaa-85b5-696d7fc41105&fci=7a0c38f0-6bef-43c2-bb61-b2baa36482c4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3725600676&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&t=Man-in-the-Middle+TLS+Protocol+Downgrade+Attack+-&cts=1706549513580&vi=cca820b0fe6109edb2180dfe3af83709&nc=true&u=185921974.cca820b0fe6109edb2180dfe3af83709.1706549513575.1706549513575.1706549513575.1&b=185921974.1.1706549513576&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
63a5702e-b727-4185-bcb1-6eb35e31ee56
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
29
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
63a5702e-b727-4185-bcb1-6eb35e31ee56
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGM%2FYex2ladBiqSyAUQYj%2BopzU3gJ%2FAi%2FLMVF%2FBKLr2j%2Buy4pfK1BZ%2FNa0Pbs1g%2BL7%2BO8K2HtMP1tuWVIg7e4n4Qe467JBztfgLmcSWyV%2FFLAlt%2FgPfFkPKuHWQpMGw0VrjwrtIBvrDsAfhsn7IS"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-865d96945d-vxndb
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
84d3361bff830482-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
438 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=5e57e01a-cf69-4eaa-85b5-696d7fc41105&fci=7a0c38f0-6bef-43c2-bb61-b2baa36482c4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3725600676&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&t=Man-in-the-Middle+TLS+Protocol+Downgrade+Attack+-&cts=1706549513580&vi=cca820b0fe6109edb2180dfe3af83709&nc=true&u=185921974.cca820b0fe6109edb2180dfe3af83709.1706549513575.1706549513575.1706549513575.1&b=185921974.1.1706549513576&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
be7e8673-c74f-455e-9568-5c166fecc163
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
be7e8673-c74f-455e-9568-5c166fecc163
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btBmS4EO5de5RBMzZnHj0gxEZ8g9P7I0ED65TEJWPWLVN4UjRQguSdI8rOUZfziTqG4zkaUS3n0%2BIX5bTCfetFADzGYU4v1Yg0xhy5TJYabF%2F0Xo1e6vPGZAgMMWv0LqStE1Juxt6uOAX%2BEVEicr"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-865d96945d-t2hvk
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
84d3361bff860482-FRA
x-robots-tag
none
rhumb
app.hubspot.com/api/cartographer/v1/ Frame 85EC
0
1 KB
Ping
General
Full URL
https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.17719
Requested by
Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.17719/bundles/visitor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.hubspot.com/conversations-visitor/22265125/threads/utk/3e6c71c262ae4be398b35eff8e9a9c00?uuid=8f64a6442e4b41f7a3fa19b366b76485&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=praetorian.com&inApp53=false&messagesUtk=3e6c71c262ae4be398b35eff8e9a9c00&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=false&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 29 Jan 2024 17:31:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c6e44b94-2e0a-4291-b451-1714e013fec8
x-envoy-upstream-service-time
5
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c6e44b94-2e0a-4291-b451-1714e013fec8
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2BHH0l%2BWHk5ojXtihaY5E%2FEQsZIWTaS18tD%2FeR77%2B9zWsXZRn7Qe5jgoZkDb7aZ2MckbPdrar00TRaP4bqx8c7bocVn8FpB3ZsjF56N%2BqqGM%2FiHnU5lE9ABYmo1di0npmlT9q6TUEwCuLOq8yA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://app.hubspot.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-29ngv
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure
access-control-max-age
604800
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
cf-ray
84d3361c1fc30482-FRA
access-control-allow-headers
Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Dpl-Correlation-Group-Id, X-HubSpot-Dpl-Parent-Log-Id
timing-allow-origin
*
getSubscriptions
js.zi-scripts.com/unified/v1/master/
150 B
408 B
Fetch
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
faf48e0ebb5da966ca7484b6e45aa8c652d6a99e758f973ff7140dfd290919b8

Request headers

visited_url
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Referer
https://www.praetorian.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer d2849480311681745459
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 29 Jan 2024 17:31:54 GMT
via
1.1 077f087379cd5651868a7502cf7c3876.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
x-amz-cf-pop
BAH53-C1
x-powered-by
Express
etag
W/"96-S3Or4pUInSLq81hPIpxFk9eOPxI"
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cf-ray
84d336203d2d58e4-TXL
x-amz-cf-id
tFdqKghQSPCeOc3lxPOTiKYd_pKpTkH7J-5wZ8tsciKwLKdzQii3Hw==
apigw-requestid
SUAZrjTovHcESEQ=
getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame
0
0
Preflight
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.praetorian.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
access-control-max-age
0
apigw-requestid
SUAZnh-7PHcEPIQ=
cf-cache-status
DYNAMIC
cf-ray
84d3361dc80758e4-TXL
date
Mon, 29 Jan 2024 17:31:54 GMT
server
cloudflare
vary
Access-Control-Request-Headers
via
1.1 ce18b5517bbba48636fceebb7d62ba00.cloudfront.net (CloudFront)
x-amz-cf-id
cMdNBeTmghcx6n66XG_J3aR1_p2hGNYLq3kqgtfFCRhvubs3kWcIIQ==
x-amz-cf-pop
BAH53-C1
x-cache
Miss from cloudfront
x-powered-by
Express
/
ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/
3 KB
2 KB
Fetch
General
Full URL
https://ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/?iszitag=true
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d3f84db0ccf64722fe8ac4572b2988e5e3c9bf9b18277d7c7c346693e8f4942a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

visited-url
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Referer
https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
_vtok
MjE3LjExNC4yMTguMjU=
_zitok
95af2672eceb4234ede41706549514
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/javascript

Response headers

date
Mon, 29 Jan 2024 17:31:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
https://www.praetorian.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
84d336243d2dbb44-FRA
/
ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/?iszitag=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.praetorian.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin
https://www.praetorian.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84d33622ec1f3a54-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 29 Jan 2024 17:31:54 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
/
metrics.hotjar.io/
0
70 B
Ping
General
Full URL
https://metrics.hotjar.io/?v=6
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2851712.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.246.23.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-246-23-69.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.praetorian.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Mon, 29 Jan 2024 17:31:55 GMT
vary
Origin
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FCP1DZPL64&gtm=45je41o0v9105375649&_p=1706549511332&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=184895320.1706549513&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1706549512&sct=1&seg=0&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Fman-in-the-middle-tls-ssl-protocol-downgrade-attack%2F&dt=Man-in-the-Middle%20TLS%20Protocol%20Downgrade%20Attack%20-&en=detect_user&_ee=1&ep.event_category=Hotjar&ep.event_label=447ec1dc&ep.non_interaction=true&_et=188&up.hjuid=447ec1dc&tfd=7031
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FCP1DZPL64
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.praetorian.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 29 Jan 2024 17:31:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.praetorian.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| dataLayer function| hj object| _hjSettings undefined| userId object| zi string| ZIProjectKey string| gtm4wp_datalayer_name object| _hsp object| rcewpp function| $ function| jQuery function| gtag object| _hsq object| dataLayer_content object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk object| leadin_wordpress function| JazzyScroll function| Cookies boolean| PIXELS_RAN object| enabledEventSettings object| google_tag_manager object| google_tag_data function| revealCallback object| _ml function| strObj function| onYouTubeIframeAPIReady object| gaGlobal object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules boolean| hubspot_live_messages_running object| HubSpotConversations object| __hsCollectedFormsDebug boolean| _hspb_loaded boolean| _hspb_ran object| cards boolean| _already_called_lintrk object| ORIBILI object| GooglebQhCsO object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| zitag object| ziws

24 Cookies

Domain/Path Name / Value
.praetorian.com/ Name: _gcl_au
Value: 1.1.450136987.1706549512
.praetorian.com/ Name: _ga
Value: GA1.1.184895320.1706549513
.praetorian.com/ Name: _ga_WG4YYDQ1NH
Value: GS1.1.1706549512.1.0.1706549512.60.0.0
.praetorian.com/ Name: _hjSessionUser_2851712
Value: eyJpZCI6IjQ0N2VjMWRjLTAzNmItNTZlMi1iNTU1LTI1YjE0ZWM0ZGQxMSIsImNyZWF0ZWQiOjE3MDY1NDk1MTI3MDIsImV4aXN0aW5nIjp0cnVlfQ==
.praetorian.com/ Name: _ga_FCP1DZPL64
Value: GS1.1.1706549512.1.0.1706549512.0.0.0
.praetorian.com/ Name: _hjSession_2851712
Value: eyJpZCI6ImQ0ODE3OGE2LWJhOTYtNDQ4NS04OTc4LTc2ZDdkOWIyNTliOSIsImMiOjE3MDY1NDk1MTI3MDMsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.linkedin.com/ Name: li_sugr
Value: 8558eeba-f89b-4f3c-8581-ec763f90b185
.linkedin.com/ Name: UserMatchHistory
Value: AQIskePMclGIBQAAAY1WRwrDWGvva7QrzRcIQ-NiJlRRIdJaphsXbAcwd7G0RP7xLVPKcWjQx5t9AQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQKu7Oz9T2tZCAAAAY1WRwrDpgiZri0-B7qDDwag-OkP_c5CL4h04jJUzlz_hM4mvCBdBRBdAFH1rjNRrZJtPQ
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.linkedin.com/ Name: bcookie
Value: "v=2&30bbf0c6-74a1-4edb-8d92-212657fb72a1"
.linkedin.com/ Name: lidc
Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3111:u=1:x=1:i=1706549512:t=1706635912:v=2:sig=AQE5_1q-CYCzVfQPLlhbhOaUJxNb0iuK"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20240129173153a054d018-c742-494b-86b7-e0ad104b433fAQEuoMBLjyYBsNZOjs-6PCzi5gbX92Z4"
.hubspot.com/ Name: __cf_bm
Value: eoJQHoFpzZKZWoQn1jMXnwz2Q_I5rSyzhkgDjpI60ao-1706549513-1-AeuW7JfeAwdNuCTZ8cCv1CoAOu57oz5jRHofUoS1hOlGkfCFAaPW4hdg9OGR7xBgjHK/CbxiJo5g6fP7GJTTWhM=
.hubspot.com/ Name: _cfuvid
Value: xsUrPQ9dUyMk6fGMrrg.3H_0oZHdWBbwdbTTgpIYIHo-1706549513266-0-604800000
.linkedin.com/ Name: li_gc
Value: MTswOzE3MDY1NDk1MTM7MjswMjH0Q5NaJkViq6I4wGY+h3YkU/9Cq0B4AJU7rF0zmMsfKQ==
.praetorian.com/ Name: __hstc
Value: 185921974.cca820b0fe6109edb2180dfe3af83709.1706549513575.1706549513575.1706549513575.1
.praetorian.com/ Name: hubspotutk
Value: cca820b0fe6109edb2180dfe3af83709
.praetorian.com/ Name: __hssrc
Value: 1
.praetorian.com/ Name: __hssc
Value: 185921974.1.1706549513576
.praetorian.com/ Name: messagesUtk
Value: 3e6c71c262ae4be398b35eff8e9a9c00
.www.praetorian.com/ Name: _zitok
Value: 95af2672eceb4234ede41706549514
.zoominfo.com/ Name: __cf_bm
Value: XtTAOuhqL0caXgASttMW7IHOJO55uG9g2soa3mq6A7Y-1706549515-1-AUbMQ4bC7ALsDGFbYHTVjuJdZsKthjk23LZy6r4RxLCFPxy5nK58eyhcT1SA9v9Eg2ggK/AemlvlailHNmZsbcU=
.zoominfo.com/ Name: _cfuvid
Value: bnFz8sus5I95Dn_LYbznTgAp3U66sl4.tP13.2kM7x4-1706549515324-0-604800000

2 Console Messages

Source Level URL
Text
network error URL: https://www.googletagmanager.com/gtm.js?id=GTM-54H7Q6G
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/tags.js
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com; frame-ancestors 'none';
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
