www.praetorian.com Open in urlscan Pro
146.148.61.165 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Submission: On June 27 via api (June 27th 2024, 2:17:19 am UTC) from BY — Scanned from DE

Summary HTTP 103 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 34 IPs in 6 countries across 27 domains to perform 103 HTTP transactions. The main IP is 146.148.61.165, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.praetorian.com.
TLS certificate: Issued by R3 on March 30th 2024. Valid for: 3 months.

This is the only time www.praetorian.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 20	146.148.61.165 146.148.61.165	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2606:4700::68... 2606:4700::6810:8dd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2001:2030:21:... 2001:2030:21::3e73:fc89	1299 (TWELVE99 ...) (TWELVE99 Arelion)
3	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
1	104.18.141.119 104.18.141.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.66.102.106 18.66.102.106	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6efe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7edb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2001:2030:21:... 2001:2030:21::3e73:fc93	1299 (TWELVE99 ...) (TWELVE99 Arelion)
3	13.33.187.74 13.33.187.74	16509 (AMAZON-02) (AMAZON-02)
7 12	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0b::9d	15169 (GOOGLE) (GOOGLE)
1	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
12	23.50.131.152 23.50.131.152	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	216.24.57.4 216.24.57.4	397273 (RENDER) (RENDER)
1	2600:9000:267... 2600:9000:2670:9a00:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.245.86.73 18.245.86.73	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:f06c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	216.58.206.40 216.58.206.40	15169 (GOOGLE) (GOOGLE)
1	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:d20... 2a02:26f0:d200::6010:3671	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
2	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
103	34

20 146.148.61.165 (Council Bluffs, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 165.61.148.146.bc.googleusercontent.com

www.praetorian.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:8dd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2001:2030:21::3e73:fc89 (Sweden)

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.141.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6efe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7edb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:2030:21::3e73:fc93 (Sweden)

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.33.187.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-74.fra60.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2620:1ec:21::14 (United States) 7 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f195.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.50.131.152 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-50-131-152.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.24.57.4 (United States)

ASN397273 (RENDER, US)

grow.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:9a00:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-73.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f06c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.40 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.85 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:d200::6010:3671 (Warsaw, Poland)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	praetorian.com 1 redirects www.praetorian.com	673 KB
16	linkedin.com 7 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 360 www.linkedin.com — Cisco Umbrella Rank: 545 px4.ads.linkedin.com — Cisco Umbrella Rank: 6416	9 KB
13	6sc.co j.6sc.co — Cisco Umbrella Rank: 5903 c.6sc.co — Cisco Umbrella Rank: 8340 ipv6.6sc.co — Cisco Umbrella Rank: 6045 b.6sc.co — Cisco Umbrella Rank: 3852	26 KB
9	typekit.net use.typekit.net — Cisco Umbrella Rank: 649 p.typekit.net — Cisco Umbrella Rank: 807	223 KB
6	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 894 script.hotjar.com — Cisco Umbrella Rank: 1260	113 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 5239 forms-na1.hsforms.com — Cisco Umbrella Rank: 8151	5 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	366 KB
4	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2984	3 KB
3	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2823	3 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 7464	4 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 7548	62 KB
3	licdn.com snap.licdn.com — Cisco Umbrella Rank: 902	14 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5175	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9419	709 B
2	ml314.com ml314.com — Cisco Umbrella Rank: 2091	37 KB
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3125
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 5322 forms.hscollectedforms.net — Cisco Umbrella Rank: 5409	25 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 527	701 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 4224	1 KB
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 16562
1	clearbitjs.com grow.clearbitjs.com — Cisco Umbrella Rank: 67408	363 B
1	google.de www.google.de — Cisco Umbrella Rank: 8088	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136	256 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2634	24 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2607	26 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3959	4 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 7892	156 KB
103	27

	Domain	Requested by
20	www.praetorian.com	1 redirects www.praetorian.com
11	px.ads.linkedin.com	6 redirects snap.licdn.com
9	b.6sc.co	www.praetorian.com
8	use.typekit.net	www.praetorian.com use.typekit.net
4	px4.ads.linkedin.com	www.praetorian.com
4	www.googletagmanager.com	www.praetorian.com www.googletagmanager.com js.hsadspixel.net
4	js.hs-scripts.com	www.praetorian.com www.googletagmanager.com
3	track.hubspot.com
3	js.zi-scripts.com	www.praetorian.com js.zi-scripts.com
3	js.driftt.com	www.praetorian.com js.driftt.com
3	script.hotjar.com	static.hotjar.com script.hotjar.com www.praetorian.com
3	snap.licdn.com	www.praetorian.com www.googletagmanager.com js.hsadspixel.net
3	static.hotjar.com	www.praetorian.com www.googletagmanager.com
2	ws.zoominfo.com	js.zi-scripts.com
2	epsilon.6sense.com	j.6sc.co
2	ml314.com	www.praetorian.com ml314.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	region1.analytics.google.com	www.googletagmanager.com
2	forms-na1.hsforms.com	www.praetorian.com
2	forms.hsforms.com	js.hsforms.net www.praetorian.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	api.hubapi.com	js.hsadspixel.net
1	tag.clearbitscripts.com	www.googletagmanager.com
1	grow.clearbitjs.com	www.praetorian.com
1	www.google.de	www.praetorian.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	www.linkedin.com	1 redirects
1	p.typekit.net	use.typekit.net
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hsforms.net	www.praetorian.com
103	36

This site contains links to these domains. Also see Links.

Domain
www.github.com
www.linkedin.com
twitter.com
www.facebook.com
www.cve.org
github.com
my.f5.com
i.blackhat.com
www.cisa.gov
aws.amazon.com
en.wikipedia.org
httpd.apache.org
ricterz-me.translate.goog
www.trendmicro.com
127.4.1.1
127.4.2.1
tomcat.apache.org
community.f5.com
linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
www.praetorian.com R3	`2024-03-30` - `2024-06-28`	3 months	crt.sh
hs-scripts.com E1	`2024-05-31` - `2024-08-29`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-01` - `2025-03-03`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
hsforms.net WE1	`2024-06-13` - `2024-09-11`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
hsadspixel.net E6	`2024-06-14` - `2024-09-12`	3 months	crt.sh
hscollectedforms.net E1	`2024-05-27` - `2024-08-25`	3 months	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
hsforms.com WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
*.google.de WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
grow.clearbitjs.com E1	`2024-05-17` - `2024-08-15`	3 months	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-06-23` - `2024-09-21`	3 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
hubapi.com E1	`2024-05-04` - `2024-08-02`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh
zoominfo.com E5	`2024-06-17` - `2024-09-15`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Frame ID: B79096578A9B88FB3250DCEBABBBADF5
Requests: 104 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=uet2c95y5w8r&eId=uet2c95y5w8r&region=US&forceShow=false&skipCampaigns=false&sessionId=7100cbb0-0f50-4e4e-999c-4ee285847544&sessionStarted=1719454634.722&campaignRefreshToken=06b59ed6-ef33-464c-9f98-a927a739a9a4&hideController=false&pageLoadStartTime=1719454632677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F
Frame ID: B53FBD0617A1A110F51211ADA6FD134B
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1719454632677
Frame ID: F337326E6D3FE64B0CA300FC1806C47B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Compromising F5 BIGIP with Request Smuggling |

Page URL History Show full URLs

https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747 HTTP 301
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

103
Requests

93 %
HTTPS

48 %
IPv6

27
Domains

36
Subdomains

34
IPs

6
Countries

1772 kB
Transfer

4358 kB
Size

31
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.github.com/praetorian-inc/
Title: Explore Development Projects

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.cve.org/CVERecord?id=CVE-2023-46747
Title: CVE-2023-46747

Search URL Search Domain Scan URL

URL: https://www.cve.org/CVERecord?id=CVE-2022-26377
Title: CVE-2022-26377

Search URL Search Domain Scan URL

URL: https://github.com/projectdiscovery/nuclei-templates/pull/8496/files
Title: proof of concept on Github

Search URL Search Domain Scan URL

URL: https://my.f5.com/manage/s/article/K52145254
Title: CVE-2020-5902

Search URL Search Domain Scan URL

URL: https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
Title: BlackHat in 2018

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-206a
Title: advisory

Search URL Search Domain Scan URL

URL: https://my.f5.com/manage/s/article/K23605346
Title: CVE-2022-1388

Search URL Search Domain Scan URL

URL: https://github.com/alt3kx/CVE-2022-1388_PoC
Title: proof of concept

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/pp/prodview-lphsy6izllsmq?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
Title: AWS Marketplace template

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/CentOS#CentOS_version_7
Title: CentOS 7.5-1804 which was released in 2018

Search URL Search Domain Scan URL

URL: https://httpd.apache.org/security/vulnerabilities_24.html
Title: sizable number of security patches

Search URL Search Domain Scan URL

URL: https://my.f5.com/manage/s/article/K000132643
Title: in a public KB article they published

Search URL Search Domain Scan URL

URL: https://ricterz-me.translate.goog/posts/2022-03-03-a-new-attack-method-ajp-request-smuggling.txt?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Title: excellent blog post

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/20/c/busting-ghostcat-an-analysis-of-the-apache-tomcat-vulnerability-cve-2020-1938-and-cnvd-2020-10487.html
Title: the default PoC for 2020’s GhostCat vulnerability

Search URL Search Domain Scan URL

URL: http://127.4.1.1/

Search URL Search Domain Scan URL

URL: http://127.4.2.1/
Title: http://127.4.2.1

Search URL Search Domain Scan URL

URL: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377
Title: states

Search URL Search Domain Scan URL

URL: https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
Title: Apache site itself

Search URL Search Domain Scan URL

URL: https://github.com/apache/tomcat/blob/8.5.x/java/org/apache/coyote/ajp/AjpProcessor.java
Title: AjpProcessor implementation

Search URL Search Domain Scan URL

URL: https://github.com/apache/httpd/blob/trunk/modules/http/http_core.c
Title: Apache

Search URL Search Domain Scan URL

URL: https://github.com/apache/httpd/blob/2.4.50/modules/proxy/mod_proxy_ajp.c
Title: mod_proxy_ajp

Search URL Search Domain Scan URL

URL: https://tomcat.apache.org/tomcat-3.3-doc/AJPv13.html#prefix-codes
Title: AJP attributes

Search URL Search Domain Scan URL

URL: https://community.f5.com/t5/technical-forum/native-tmsh-bash-commands-via-rest-api/td-p/118662
Title: in this F5 support article

Search URL Search Domain Scan URL

URL: https://my.f5.com/manage/s/article/K000137353
Title: hotfix released by F5

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/thomas-hendrickson-2707b8100/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/praetorian
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/praetorianlabs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/praetorianlabs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://github.com/praetorian-inc
Title: Github

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/PraetorianLabs
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747 HTTP 301
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3767322%26time%3D1719454633507%26url%3Dhttps%253A%252F%252Fwww.praetorian.com%252Fblog%252Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&cookiesTest=true&liSync=true&e_ipv6=AQL0F7LWCMytQgAAAZBXe5EfSkqJZjpExwdquqaUMNvw2wRQCizF-jB7wu2vD_Ko-HOAJw4F

Request Chain 67

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633685&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633685&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQJNr62Ut6dCNQAAAZBXe5C4eRVukaWpkSYdFD7JLkwO0oxXbrX-LQW2XzgeKPOJJ8sM_B9Q

Request Chain 68

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633689&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633689&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQJR1mf29AuIyAAAAZBXe49I7oADWPoRbe_dERzIvdHDgqTLfzKem17SkdZW_l8FKa91NkHT

Request Chain 69

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322%2C3757322&time=1719454633701&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322%2C3757322&time=1719454633701&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQKLaBqRKKhoPwAAAZBXe5CzEq72BZZgSX9xn2NFhfddJH4vTgBmKR7ZZePP9AUeX99VWp-v

103 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Redirect Chain

https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

131 KB
32 KB

197ms
197ms

Document
text/html

146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

5480f50b06c3d59b71e7e6a315d3e237424d6b411caac45558b88b84bcb28656

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age=600, must-revalidate
content-encoding: br
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-type: text/html; charset=UTF-8
date: Thu, 27 Jun 2024 02:17:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://www.praetorian.com/wp-json/>; rel="https://api.w.org/" <https://www.praetorian.com/wp-json/wp/v2/posts/5321>; rel="alternate"; type="application/json" <https://www.praetorian.com/?p=5321>; rel=shortlink
pragma: no-cache
server: nginx
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

Redirect headers

cache-control: max-age=600, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 27 Jun 2024 02:17:12 GMT
expires: Thu, 27 Jun 2024 03:17:12 GMT
location: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
server: nginx
x-cache: MISS
x-cache-group: normal
x-cacheable: non200
x-powered-by: WP Engine
x-redirect-by: WordPress

GET
H2 200 22265125.js Show response
js.hs-scripts.com/ 2 KB
1 KB 421ms
338ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22265125.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6179d30f86229f152bdece596a99629e9804213b9d3f8b3fd53cfa5baa074e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a36719dc-3d82-4526-9fd2-f2c3fb2ee87c
x-envoy-upstream-service-time: 15
content-length: 636
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a36719dc-3d82-4526-9fd2-f2c3fb2ee87c
last-modified: Wed, 26 Jun 2024 23:18:42 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-6x7hg
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 89a1f07e1a841b93-FRA
expires: Thu, 27 Jun 2024 02:18:42 GMT

GET
H2 200 autoptimize_bce410e2475518d9d7050df587d7e0a3.css
www.praetorian.com/wp-content/cache/autoptimize/css/ 308 KB
58 KB 201ms
199ms Stylesheet
text/css 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

97f9f04de0f4285cdd230fbb044ea90f7311708d428dba633adbbf68bd7a75ea

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:12 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 21:15:08 GMT
server: nginx
etag: W/"66579adc-4cf23"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 yng4pbv.css
use.typekit.net/ 8 KB
1 KB 483ms
298ms Stylesheet
text/css 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/yng4pbv.css?ver=6.5.3

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),

Reverse DNS

Software

nginx /

Resource Hash

8f86d82c79073ffc876c2fdd10fe4b208a3a445c5ea331fadccc465a154b9a66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1083

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 296 KB
100 KB 148ms
57ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c485d8f496ba2640736e239d23fb42393d41a0b5b0c03dad113b2d2e26b68af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 102523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 27 Jun 2024 02:17:13 GMT

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 482 KB
156 KB 102ms
49ms Script
application/javascript 104.18.141.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
age: 450
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=89a1e57d4d181992-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Thu, 27 Jun 2024 02:17:12 GMT
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: ac949848-a2d2-441c-b158-a240cb1cf2ec
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: ac949848-a2d2-441c-b158-a240cb1cf2ec
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Id4If%2FLZ9ml9I3GYuBZlacyzTbdqAyNL2zxgsF0XMaiEWyz4aKLTZ2cLVmcvtZs8OCbWDoBRyKkttFfzKT8%2FCwEWHq2uavdw5gxuZp%2FFLsPPYbLtW9DDodCuKWc%2BBcAp"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-wf75s
cf-ray: 89a1f07de9d8975a-FRA
x-amz-cf-id: NEw1ABN_QalqRcmHtKw1cVe9nORO6cvk9Au4IpjDzFWO81ZhGpZYZQ==

GET
H2 200 Vulnerability-Research-at-Praetorian-Labs-1024x1024.png
www.praetorian.com/wp-content/uploads/2023/10/ 174 KB
174 KB 201ms
200ms Image
image/png 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2023/10/Vulnerability-Research-at-Praetorian-Labs-1024x1024.png

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

bfea99904678b54cf87ca008ebd5935761797c52814af8a770898f74c568e389

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:12 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:52:51 GMT
server: nginx
etag: "665795a3-2b67a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 177786

GET
H2 200 f5-1.png
www.praetorian.com/wp-content/uploads/2023/10/ 33 KB
34 KB 201ms
200ms Image
image/png 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2023/10/f5-1.png

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

cc11053ef6ce76132604a22471bdb3321aab993411ab5ac10a3cfdaebba51aa9

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:12 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:52:51 GMT
server: nginx
etag: "665795a3-84a8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 33960

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 281 KB
96 KB 203ms
113ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cdb8db11562ba0702b78d5e0eca70f5b56bcabcc470b45b68881a33511625c46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98193
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 02:17:13 GMT

GET gtm.js
www.googletagmanager.com/ 0
0

GET
H2 200 hotjar-2851712.js Show response
static.hotjar.com/c/ 10 KB
5 KB 167ms
69ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2851712.js?sv=6

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

6b586b2a4a4a9cfd6bf2850251f09ed7ca8465857815f95bec3cbe529bf7ec37

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/a604baa9562e13a9f7373680fb4bdfd8
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: Vi8g3jvQKclZKBWx11_511IfY9O2lUVaQmTcW3Drns83QNEUFUrlYQ==

GET
H2 200 f5-2.png
www.praetorian.com/wp-content/uploads/2023/10/ 70 KB
70 KB 266ms
266ms Image
image/png 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2023/10/f5-2.png

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

62d0cd7a745e6ff47760454cf0e9abcf8e07ea0e37618f9ecddda4602edd5453

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:12 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:52:51 GMT
server: nginx
etag: "665795a3-116fc"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 71420

GET
H2 200 22265125.js Show response
js.hs-scripts.com/ 2 KB
880 B 331ms
330ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22265125.js?integration=WordPress&ver=11.1.21

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffcdccc72678d788b0fa938f4473f606dd68db5c0a978bcb416a17ab8ce716c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d8f9e4b9-3980-4a87-a8d0-bba93c31422a
x-envoy-upstream-service-time: 11
content-length: 644
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d8f9e4b9-3980-4a87-a8d0-bba93c31422a
last-modified: Wed, 26 Jun 2024 23:33:40 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-964mk
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 89a1f07f3b411b93-FRA
expires: Thu, 27 Jun 2024 02:18:43 GMT

GET
H2 200 22265125.js Show response
js.hs-scripts.com/ 2 KB
807 B 154ms
154ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22265125.js?ver=6.5.3

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb7f4b254b63205896168d1b3713659e85cb6e38df4297063517104c22dd5510

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f932b888-aad1-4aa2-91c8-ddfa29e75f24
x-envoy-upstream-service-time: 8
content-length: 641
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f932b888-aad1-4aa2-91c8-ddfa29e75f24
last-modified: Wed, 26 Jun 2024 23:33:40 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-v4qnt
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 89a1f0814c8c1b93-FRA
expires: Thu, 27 Jun 2024 02:18:43 GMT

GET
H2 200 autoptimize_6158217190147094377b41e5f16a7153.js Show response
www.praetorian.com/wp-content/cache/autoptimize/js/ 334 KB
94 KB 161ms
159ms Script
application/javascript 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/cache/autoptimize/js/autoptimize_6158217190147094377b41e5f16a7153.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

866a99f24925760f4180147306e9a5410a6538edf3ed5e9342c550016683e605

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Mon, 17 Jun 2024 23:38:23 GMT
server: nginx
etag: W/"6670c8ef-5395f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 141ms
52ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c114a5641b9988aecb7a00c47bd1d37d912883ff4ef9c3b9fe6ad21603ab1066

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
x-amz-version-id: 7Zz_oLsqoY3yHsxt9nM5YRwsj1MKwqFV
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 233
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.565/bundles/pixels-release.js&cfRay=89a1ead03fc82bcf-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 7f45a0a6-be31-4100-ae9a-116ebd153c76
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7f45a0a6-be31-4100-ae9a-116ebd153c76
last-modified: Tue, 18 Jun 2024 12:46:30 UTC
server: cloudflare
etag: W/"b233ea75981268a81228cd819e8fd5eb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-fvpqg
cf-ray: 89a1f0824c7b2c1c-FRA
x-amz-cf-id: mVjFV-XHHuErpBqrL0R38sTqxxlxHSSHAd45_J_fyryEAzZ1DEBwAg==
x-hs-target-asset: adsscriptloaderstatic/static-1.565/bundles/pixels-release.js

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
24 KB 237ms
141ms Script
application/javascript 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
x-amz-version-id: WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: dc45516b-6396-4015-8e81-1192371335f4
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=89a1f0825f3a3a61-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dc45516b-6396-4015-8e81-1192371335f4
last-modified: Wed, 15 May 2024 14:34:44 UTC
server: cloudflare
etag: W/"7d377a186677c174f204d466b8fa5fdb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-kt4hg
cf-ray: 89a1f0825f3a3a61-FRA
x-amz-cf-id: abB79Q8X6DKCK5D4FkKQi39qbE5MCqoTDuqeIFQjU8L_WNy54A35CQ==
x-hs-target-asset: collected-forms-embed-js/static-1.503/bundles/project.js

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/22265125/ 71 KB
26 KB 409ms
326ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/22265125/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e030eae4a6e596d1c9d4126736046d899bb59d1aa3d0b8b6d9e34a55cef3f9a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
x-amz-version-id: uIdzkJMHdK7VF30en9CA8KjIkt72nrLQ
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: JXV589ZEVEV3YK7Y
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 52c525aa-4120-4bd4-bd4a-9cb391c8d5ba
x-envoy-upstream-service-time: 54
x-amz-id-2: F7kI+M6+HYCA+5tRZ7U4l5wWsz9O5+jJES0XiZgEk2L/R/mLRvKkRtkXeaY1eFRoZjGnoq5dt8s=
x-evy-trace-listener: listener_https
x-request-id: 52c525aa-4120-4bd4-bd4a-9cb391c8d5ba
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 14 May 2024 23:56:38 GMT
server: cloudflare
etag: W/"85f24facb03d0f31fafc4e8e63003b99"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-9fld2
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 89a1f0824eea9244-FRA
expires: Thu, 27 Jun 2024 02:22:13 GMT

GET
H2 200 22265125.js Show response
js.hs-analytics.net/analytics/1719454500000/ 68 KB
24 KB 262ms
172ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1719454500000/22265125.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/22265125.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a417960751356272d97f187586475adc3b03945418727de6b2648676afae4467

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: E4JVBZE00N9XQP40
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: c97b6c3a-adc3-4422-b484-01c9ead98ba5
x-envoy-upstream-service-time: 26
x-amz-id-2: l41JT/DNKZYYt6VVZW02cdhZ+fHWp36RlcEiENzsGRUfOcgV3K2NWV+cy4EuIOGWrIf2+oYUEIE=
x-evy-trace-listener: listener_https
x-request-id: c97b6c3a-adc3-4422-b484-01c9ead98ba5
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 21 Jun 2024 21:30:46 GMT
server: cloudflare
etag: W/"4b1e133f46f82b41d6492007f06b35fd"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-rslzw
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 89a1f0824fc41c15-FRA
expires: Thu, 27 Jun 2024 02:22:13 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 172ms
38ms Stylesheet
text/css 2a02:26f0:480:f::213:7edb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=yng4pbv&ht=tk&f=26911.26913.34691.34692.34693.34697.34701.36466.36470.36471.36473&a=23300812&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7edb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
last-modified: Sun, 10 Sep 2023 12:39:23 GMT
server: nginx
etag: "64fdb8fb-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 hotjar-2358062.js Show response
static.hotjar.com/c/ 0
430 B 163ms
66ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2358062.js?sv=5

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
date: Thu, 27 Jun 2024 02:17:13 GMT
x-content-type-options: nosniff
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/d41d8cd98f00b204e9800998ecf8427e
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
content-length: 0
x-amz-cf-id: a294v0yweWFuWlufsgPhTWPuhQfScnUt1IRy-rGGb9ooCJazjKrycw==

GET
H2 200 nav-active.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 1 KB
1 KB 165ms
165ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/nav-active.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

6a980933b39409d97cd947dd6dc1837de2e49e87c7d9903122adb293cc8404cf

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:53:05 GMT
server: nginx
etag: W/"665795b1-41e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 l
use.typekit.net/af/e40556/00000000000000007735adbc/30/ 44 KB
45 KB 225ms
67ms Font
application/font-woff2 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e40556/00000000000000007735adbc/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
Software: nginx /
Resource Hash: a60e4a6f8b89cbd1debcd7f90a0e60099a7caa9490a3c5305b18cb094c53dd4b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
etag: "f3cafd088bc07c2d3ded8cc91e0729be713189cf"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45396

GET
H2 200 l
use.typekit.net/af/5a2c6f/00000000000000003b9ad13c/27/ 21 KB
21 KB 218ms
60ms Font
application/font-woff2 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5a2c6f/00000000000000003b9ad13c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
Software: nginx /
Resource Hash: 878130b86e81304bd9d8afd8a8c5bc6c2d03194a3917e5bab3ddfa9eb3a07cb3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
etag: "22cae4f69d39ee6531cf5c3445fc374f7c7869cc"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 21636

GET
H2 200 l
use.typekit.net/af/3f03c1/00000000000000003b9ad13e/27/ 21 KB
21 KB 288ms
130ms Font
application/font-woff2 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/3f03c1/00000000000000003b9ad13e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
Software: nginx /
Resource Hash: b475b2648fbcf6b9f1535198a5f52c11dc0bb9ed88bbf93d39eb1be9a391edc4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
etag: "1a48bcc440a68538029c6482155125eab9fb73c6"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 21352

GET
H2 200 l
use.typekit.net/af/7c9acc/00000000000000007735adc8/30/ 44 KB
44 KB 271ms
113ms Font
application/font-woff2 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/7c9acc/00000000000000007735adc8/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
Software: nginx /
Resource Hash: b084305ba75c61a6309a9dec021937b5d7674640f9017527dda68bf72312e882

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
etag: "16adcf7e4da5d53f928f7fcda315b413887cac41"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45284

GET
H2 200 l
use.typekit.net/af/09940c/00000000000000007735a996/30/ 26 KB
26 KB 339ms
181ms Font
application/font-woff2 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/09940c/00000000000000007735a996/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
Software: nginx /
Resource Hash: 417debb36c2433e8aac621b9b88cef9aee936879ee30051b8724b606bcc84fd9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
etag: "accde79d00f44e34fcec986689bcda82817c4a98"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26132

GET
H2 200 l
use.typekit.net/af/3f8415/00000000000000007735a9bb/30/ 25 KB
26 KB 331ms
174ms Font
application/font-woff2 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/3f8415/00000000000000007735a9bb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
Software: nginx /
Resource Hash: 97c93526e3f8fe46ecf144bbe83442d7e0d6458021d47039b7db77b32918f530

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
etag: "8cb803a20ad97d966652b2c079d44eb6f5146fdd"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25940

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/22265125/5e57e01a-cf69-4eaa-85b5-696d7fc41105/ 7 KB
3 KB 235ms
184ms XHR
application/json 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/22265125/5e57e01a-cf69-4eaa-85b5-696d7fc41105/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

daf2b708206f51b8cacaabe9486a081da986eb7443d65d8ef2d3da36ae848728

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: eb06500b-58b5-46dd-86a2-c400e8e6dfa8
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 1724
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: eb06500b-58b5-46dd-86a2-c400e8e6dfa8
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 89a1f0825dd9aca9-TXL
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-ptpxr

GET
H2 200 MWeber.png
www.praetorian.com/wp-content/uploads/2021/08/ 122 KB
122 KB 152ms
150ms Image
image/png 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2021/08/MWeber.png

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

ca2c0be92297bf5746817d5591fd37cc34ea4c72b9f5d6ff1f45fb3abee97109

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:52:55 GMT
server: nginx
etag: "665795a7-1e614"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 124436

GET
H2 200 5f590af0d2b96bfecf38edac_thomas-hendrickson.jpg
www.praetorian.com/wp-content/uploads/2021/01/ 26 KB
27 KB 155ms
154ms Image
image/jpeg 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/uploads/2021/01/5f590af0d2b96bfecf38edac_thomas-hendrickson.jpg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

ce51237183faac35aa45751edf0e827fdeb88b729af4dd521dbab869fc15cc6e

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:53:02 GMT
server: nginx
etag: "665795ae-6833"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 26675

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 180ms
53ms Script
application/javascript 2001:2030:21::3e73:fc93
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:2030:21::3e73:fc93 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=34063
accept-ranges: bytes
content-length: 14004

GET
DATA 200
OK truncated
/ 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 btn-arrow.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 2 KB
1 KB 174ms
174ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-arrow.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

1b52c6a2e51fe8d9a185649b9b7cffb2c1862ec60cf612070432c1ac4109c06e

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:53:04 GMT
server: nginx
etag: W/"665795b0-7f2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 watermark-logo-thin.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 10 KB
5 KB 175ms
174ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/watermark-logo-thin.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

1f23f74bd4bda9fc5092ba34675f43d4acf2e635010a21effeaca79d7ea5d458

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:53:04 GMT
server: nginx
etag: W/"665795b0-2691"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 hexagon-plain.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 902 B
991 B 174ms
173ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/hexagon-plain.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

f7085b8cb031174e44bfff6d7a12f931bf5948b9cb9d6997814dc7812464fce7

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:53:05 GMT
server: nginx
etag: W/"665795b1-386"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 watermark-footer.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 6 KB
3 KB 174ms
174ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/watermark-footer.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

202f0d4e1127ce8b1a3029ac6724c6c081d5b7936b0c81ea3f42862618fc22c6

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:53:05 GMT
server: nginx
etag: W/"665795b1-16ff"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 l
use.typekit.net/af/83c732/00000000000000007735adb0/30/ 38 KB
39 KB 277ms
159ms Font
application/font-woff2 2001:2030:21::3e73:fc89
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/83c732/00000000000000007735adb0/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i2&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:2030:21::3e73:fc89 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),
Reverse DNS
Software: nginx /
Resource Hash: 9612e8740a4bc6cc15b7c4ed79ab3085a17461a38b0288bf4d24d5c06126f9ce

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://use.typekit.net/yng4pbv.css?ver=6.5.3
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
server: nginx
etag: "92403c600bd3d234e57963b131aa34e69af3322a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 39360

GET F5-POC-Video.mp4
www.praetorian.com/wp-content/uploads/2023/10/ 0
0

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 modules.de6b9e294c29aa146ba1.js Show response
script.hotjar.com/ 223 KB
56 KB 149ms
45ms Script
application/javascript 13.33.187.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.de6b9e294c29aa146ba1.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2851712.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-74.fra60.r.cloudfront.net

Software

Resource Hash

743c4b93ab02f0ece15aa8bdb1f7b5d57e1753fe5ef6d320612ee0888e1196c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 10:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 6ee264f4aa2ef518b13a5a8305e8080e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 229686
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56329
last-modified: Mon, 24 Jun 2024 10:28:38 GMT
etag: "008a76cf1200a93494425164a6546e72"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 8h3NVLWwljLtpO-dqbbJ0CkEkS8IMMONq_e7eaUKr54RnXQitk1jJQ==

GET
H2 200 mejs-controls.svg
www.praetorian.com/wp-includes/js/mediaelement/ 4 KB
2 KB 150ms
150ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-includes/js/mediaelement/mejs-controls.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

ad55816ac6c62f214e60a1913ff4f0215ab329034cbc7436a5514941449ca7b9

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:52:47 GMT
server: nginx
etag: W/"6657959f-11f6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 206 F5-POC-Video.mp4
www.praetorian.com/wp-content/uploads/2023/10/ 191 KB
0 151ms
150ms Media
video/mp4 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/uploads/2023/10/F5-POC-Video.mp4?_=1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:52:51 GMT
server: nginx
etag: "665795a3-1435bc"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-1324475/1324476
cache-control: public, max-age=31536000
Content-Length: 1324476

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
864 B 601ms
498ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: *
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"2","priority":"0"}],"filters":[{"c":["270012514"]},{"c":["266992984"]},{"c":["263639134"]},{"c":["263639124"]},{"c":["259471844"]}],"debug_key":"13865242"}
content-encoding: gzip
date: Thu, 27 Jun 2024 02:17:13 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CF1E8522522B4536ACE515E9F4C1A7B8 Ref B: DUS30EDGE0313 Ref C: 2024-06-27T02:17:13Z
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYb1bqqRD0xBY5HT4g0jw==
x-fs-uuid: 00061bd5baaa443d31058e474f88348f

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&c...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3767322%26time%3D1719454633507%26url%3Dhttps%253A%252F%252Fwww.praetorian.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&c...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&...

0
142 B

226ms
225ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&cookiesTest=true&liSync=true&e_ipv6=AQL0F7LWCMytQgAAAZBXe5EfSkqJZjpExwdquqaUMNvw2wRQCizF-jB7wu2vD_Ko-HOAJw4F
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BAB077DD273B4610A7CEF26625DCC924 Ref B: FRAEDGE2020 Ref C: 2024-06-27T02:17:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqx3cffOKD1Vi3blA==

Redirect headers

date: Thu, 27 Jun 2024 02:17:13 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: A995E62A6F7441E598A6D7CD6852F321 Ref B: FRAEDGE1521 Ref C: 2024-06-27T02:17:14Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322&time=1719454633507&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&cookiesTest=true&liSync=true&e_ipv6=AQL0F7LWCMytQgAAAZBXe5EfSkqJZjpExwdquqaUMNvw2wRQCizF-jB7wu2vD_Ko-HOAJw4F
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqux1gPYyGErL52Pw==

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 133 B
455 B 174ms
163ms XHR
application/json 2606:4700::6810:6efe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=22265125&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e93aa9eec4d6341f32f8f81fd9a1865413878bb08addce9c0fbafdfcd4e1ff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: df4cda04-6544-482d-91e9-92df522dea45
x-envoy-upstream-service-time: 13
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: df4cda04-6544-482d-91e9-92df522dea45
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-zrgzf
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 89a1f083c81b3a61-FRA

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
886 B 214ms
155ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f41ebedf-7152-44f3-97b9-bb0f0a884e96
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f41ebedf-7152-44f3-97b9-bb0f0a884e96
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-8bqln
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 89a1f0842d4f44f8-TXL

GET
H2 200 btn-fill-edge.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 475 B
807 B 151ms
150ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-fill-edge.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

1fb7c0840941cfb0c984be505c08b3adcf60131a957cce45f91726017c771fa5

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:53:05 GMT
server: nginx
etag: W/"665795b1-1db"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 btn-fill-edge-rotated.svg
www.praetorian.com/wp-content/themes/studio-simpatico/svgs/ 480 B
815 B 150ms
150ms Image
image/svg+xml 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.praetorian.com/wp-content/themes/studio-simpatico/svgs/btn-fill-edge-rotated.svg

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

3207a467556090b6d0107d8a636d62b8b65786050b543a71b11b95c2a46ccc59

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/wp-content/cache/autoptimize/css/autoptimize_bce410e2475518d9d7050df587d7e0a3.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
content-encoding: br
last-modified: Wed, 29 May 2024 20:53:05 GMT
server: nginx
etag: W/"665795b1-1e0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 144ms
50ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-WG4YYDQ1NH&gtm=45je46q0v888757690za200&_p=1719454632572&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&gdid=dZTNiMT&cid=244833291.1719454634&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719454633&sct=1&seg=0&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&dt=Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2409&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 154ms
52ms Ping
text/plain 2a00:1450:400c:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WG4YYDQ1NH&cid=244833291.1719454634&gtm=45je46q0v888757690za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 99ms
49ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WG4YYDQ1NH&cid=244833291.1719454634&gtm=45je46q0v888757690za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1937488048

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f195.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
465 B 466ms
466ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3757322%2C3767322&time=1719454633685&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: *
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: DD18CBDC61D6405BBA078D86D66FC473 Ref B: DUS30EDGE0313 Ref C: 2024-06-27T02:17:13Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYb1bqrZjDI3m7KMmUiXw==
x-fs-uuid: 00061bd5baab6630c8de6eca3265225f

GET
H2 200 dc684754-1ecd-4a72-ab04-f7a433acb0dc.js Show response
j.6sc.co/j/ 5 KB
5 KB 596ms
431ms Script
application/javascript 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/dc684754-1ecd-4a72-ab04-f7a433acb0dc.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-50-131-152.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 55cb7986aa2cdd3e35ebf4be8d112aa27ce2a473d7914483f31ecc6dfbd1bf21

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: a88kQFqZnGOAEdq6UO6cVn_TFGuFtTBR
date: Thu, 27 Jun 2024 02:17:14 GMT
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 4868
pragma: no-cache
last-modified: Tue, 16 Apr 2024 23:31:27 GMT
server: AmazonS3
etag: "7d95ee6175579cfd772119dd8dfe5371"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 3HiZX49jXEMsk4s1sCwIhULYUVZxXZpF3eHXgyD92tCzG5fQDR_rwQ==
expires: Thu, 27 Jun 2024 02:17:14 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
815 B 144ms
144ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3757322%2C3767322&time=1719454633689&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: *
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 5607700B51964BC39B1E8912D5BCE552 Ref B: DUS30EDGE0313 Ref C: 2024-06-27T02:17:13Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYb1bqm92BFgCw3bCxflA==
x-fs-uuid: 00061bd5baa6f76045802c376c2c5f94

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
85 KB 58ms
57ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-973478582&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

91d8b14a30057559482761055b980f053c412c7a25d4ae5b9756b6afe77cf6c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86682
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 02:17:13 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
0 0ms
0ms Script
application/javascript 2001:2030:21::3e73:fc93
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:2030:21::3e73:fc93 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=34063
accept-ranges: bytes
content-length: 14004

GET
H2 200 hotjar-2851712.js Show response
static.hotjar.com/c/ 10 KB
5 KB 39ms
39ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2851712.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

6b586b2a4a4a9cfd6bf2850251f09ed7ca8465857815f95bec3cbe529bf7ec37

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/a604baa9562e13a9f7373680fb4bdfd8
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: iDg0F4aq4HIalP4sK23I7urwxPfq62PkTNZeE1rvSMiPeal8h5NcTg==

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
464 B 500ms
499ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3767322%2C3757322&time=1719454633701&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: *
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"2","priority":"0"}],"filters":[{"c":["270012514"]},{"c":["266992984"]},{"c":["263639134"]},{"c":["263639124"]},{"c":["259471844"]}],"debug_key":"13865242"}
content-encoding: gzip
date: Thu, 27 Jun 2024 02:17:13 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 2EE3F64F52A848A4AD860CFA28628F43 Ref B: DUS30EDGE0313 Ref C: 2024-06-27T02:17:13Z
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYb1bqrnywx3GW6p5WR9w==
x-fs-uuid: 00061bd5baab9f2c31dc65baa79591f7

GET
H2 200 pixel.js Show response
grow.clearbitjs.com/api/ 100 B
363 B 379ms
227ms Script
text/javascript 216.24.57.4
RENDER

General

Check archive.org

Show headers Download Go to

Full URL

https://grow.clearbitjs.com/api/pixel.js?v=1719454633702

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.24.57.4 , United States, ASN397273 (RENDER, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c4bdad53042e2bd6e5a231bfcd66d19dc33f507edc2b847ff3c58aca74ff138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
rndr-id: dda0437f-b3bf-43c9
x-render-origin-server: Render
vary: Accept-Encoding
content-type: text/javascript
cf-ray: 89a1f085b84a6a77-TXL
alt-svc: h3=":443"; ma=86400

GET
H2 403 tags.js
tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/ 0
0 335ms
191ms Script
application/javascript 2600:9000:2670:9a00:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:9a00:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 3aedbf31650352660fd3a878f7b791c8.cloudfront.net (CloudFront)
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
vary: Accept-Encoding
x-cache: Error from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: 5Ul4jwJFwxtftQLb8s773A1RT4Bwhp3oufboxwshhhCt13xIX3HN1A==

GET
H2 200 tag.aspx Show response
ml314.com/ 37 KB
37 KB 187ms
38ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?275
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 01:51:12 GMT
via: 1.1 google
age: 1561
x-guploader-uploadid: ACJd0Nr2Llb1GQwThQLipM0Avy89wuhpQd3MR6_WesuAIJeG4kgMVDKyT05nDIxChp-dTzVGj5_jZWK-jg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37568
last-modified: Wed, 12 Jun 2024 23:47:10 GMT
server: UploadServer
etag: "611c769b568a169ba0179bc0e4fb3d9e"
x-goog-generation: 1718236030191817
x-goog-hash: crc32c=jdP4zA==, md5=YRx2m1aKFpugF5vA5Ps9ng==
content-type: application/javascript
cache-id: FRA-fa985ced
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 37568
accept-ranges: bytes

GET
H2 200 22265125.js Show response
js.hs-scripts.com/ 2 KB
0 0ms
0ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/22265125.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4SGWLT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6179d30f86229f152bdece596a99629e9804213b9d3f8b3fd53cfa5baa074e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a36719dc-3d82-4526-9fd2-f2c3fb2ee87c
x-envoy-upstream-service-time: 15
content-length: 636
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a36719dc-3d82-4526-9fd2-f2c3fb2ee87c
last-modified: Wed, 26 Jun 2024 23:18:42 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-6x7hg
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 89a1f07e1a841b93-FRA
expires: Thu, 27 Jun 2024 02:18:42 GMT

GET
H2 200 uet2c95y5w8r.js Show response
js.driftt.com/include/1719454800000/ 221 KB
62 KB 317ms
167ms Script
application/javascript 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1719454800000/uet2c95y5w8r.js

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2037c0cffae2688b5332df106c910e1532df3643c28b9023ff746645acda3f70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: USw4R1QyON_u1NhEdBvG7FTDCSL9gnOr
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 27 Jun 2024 02:17:13 GMT
via: 1.1 8e8e6ea60de74421f0058675cbcf9cb0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Fri, 21 Jun 2024 15:56:20 GMT
server: istio-envoy
etag: W/"e8d94d8bce9981cde582b060ea1cdc6e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VMQrafw28nZ-rRlGqlA1M6CzzWbh8NYs32zfbR0kwB3dMUFVQQQy6A==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633685&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633685&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023...

0
143 B

218ms
217ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633685&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQJNr62Ut6dCNQAAAZBXe5C4eRVukaWpkSYdFD7JLkwO0oxXbrX-LQW2XzgeKPOJJ8sM_B9Q
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 623752DC1DEC4DCEA295D720BCF7B9D8 Ref B: FRAEDGE2020 Ref C: 2024-06-27T02:17:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqxEoEZgS/5shiP+w==

Redirect headers

date: Thu, 27 Jun 2024 02:17:13 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: CCD245C9A5D44E7987EF80197762902B Ref B: FRAEDGE1521 Ref C: 2024-06-27T02:17:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633685&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQJNr62Ut6dCNQAAAZBXe5C4eRVukaWpkSYdFD7JLkwO0oxXbrX-LQW2XzgeKPOJJ8sM_B9Q
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqtCyYYP0XSquQqRQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633689&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633689&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023...

0
265 B

283ms
182ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633689&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQJR1mf29AuIyAAAAZBXe49I7oADWPoRbe_dERzIvdHDgqTLfzKem17SkdZW_l8FKa91NkHT
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: A6AEDBC525A14B5487722C18BC596E88 Ref B: FRAEDGE2020 Ref C: 2024-06-27T02:17:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqr7DVYShJAazwTvA==

Redirect headers

date: Thu, 27 Jun 2024 02:17:13 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: A68AD6A19E064118AE7B9C979C8DFBD8 Ref B: FRAEDGE1521 Ref C: 2024-06-27T02:17:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3757322%2C3767322&time=1719454633689&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQJR1mf29AuIyAAAAZBXe49I7oADWPoRbe_dERzIvdHDgqTLfzKem17SkdZW_l8FKa91NkHT
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqnlfmy8fXMUQmPfw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322%2C3757322&time=1719454633701&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322%2C3757322&time=1719454633701&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023...

0
165 B

217ms
217ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322%2C3757322&time=1719454633701&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQKLaBqRKKhoPwAAAZBXe5CzEq72BZZgSX9xn2NFhfddJH4vTgBmKR7ZZePP9AUeX99VWp-v
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.praetorian.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8E7BEC0E4BCF43A785ED1F597992819E Ref B: FRAEDGE2020 Ref C: 2024-06-27T02:17:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqwgIGXvRcOmkjdHw==

Redirect headers

date: Thu, 27 Jun 2024 02:17:13 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: D8EB04E65A7449ED819177A0AA37F61D Ref B: FRAEDGE1521 Ref C: 2024-06-27T02:17:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3767322%2C3757322&time=1719454633701&url=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&tm=gtmv2&e_ipv6=AQKLaBqRKKhoPwAAAZBXe5CzEq72BZZgSX9xn2NFhfddJH4vTgBmKR7ZZePP9AUeX99VWp-v
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYb1bqtIKTcl6cWaPkr4w==

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
850 B 158ms
154ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 896c4524-0639-4a06-bbee-1b91322659c3
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 896c4524-0639-4a06-bbee-1b91322659c3
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-k4hjn
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 89a1f084de0e44f8-TXL

GET
H2 200 preact-incoming-feedback.a4d7fb05a6657790bcf7.js Show response
script.hotjar.com/ 199 KB
45 KB 47ms
46ms Script
application/javascript 13.33.187.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/preact-incoming-feedback.a4d7fb05a6657790bcf7.js

Requested by

Host: script.hotjar.com
URL: https://script.hotjar.com/modules.de6b9e294c29aa146ba1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-74.fra60.r.cloudfront.net

Software

Resource Hash

73046786c30c176b61049789a06ce4461655927faf28d1bab2aa9e4547949620

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 17 May 2024 10:05:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 6ee264f4aa2ef518b13a5a8305e8080e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 3514326
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 45575
last-modified: Fri, 17 May 2024 10:05:06 GMT
etag: "c5390e5a02f2d7b5e64eaac00a4e9e1a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 1GEhJd8ArozioVuxHKMS9bWnjLyG0nDcZrFt-2g9N6yI9KeRxHvexw==

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
886 B 203ms
158ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1381915e-c229-4af9-b28d-a97794c03027
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1381915e-c229-4af9-b28d-a97794c03027
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-6lppp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 89a1f08568ec6a73-TXL

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 180 B
1 KB 243ms
154ms XHR
application/json 2606:4700::6812:f06c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=22265125

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb017b11346c44f8c491900723c7095f74223487be55b56751064e8cc0034654

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4ff4430a-967e-4638-919c-5cfe3f3f07dd
content-encoding: br
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4ff4430a-967e-4638-919c-5cfe3f3f07dd
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.praetorian.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-pfr4t
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ombp%2FVPqzfVm2lWNWuPbTORWg9JjKyTAJz%2FIrTXzsuwd1%2Bgbgqw0psVG%2B0pycJTbs%2Fz5ahSGiSasZ4eyZYKDQU%2F0w1aR%2F%2BItyDFzAAnXhkAtX7Y%2B2tZsbU89lHCVwmTgtRwppmYovK2QX6Oq"}],"group":"cf-nel","max_age":604800}
cf-ray: 89a1f085bbc6bbaa-FRA
access-control-allow-headers: *

GET
H2 206 F5-POC-Video.mp4
www.praetorian.com/wp-content/uploads/2023/10/ 45 KB
46 KB 147ms
143ms Media
video/mp4 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/uploads/2023/10/F5-POC-Video.mp4?_=1

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

b37d6ceb18bd6e71b64d0e285a135415906eb7774bf8379759e3fd56c06af035

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Range: bytes=1277952-
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:52:51 GMT
server: nginx
etag: "665795a3-1435bc"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 1277952-1324475/1324476
cache-control: public, max-age=31536000
Content-Length: 46524

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
333 B 324ms
323ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.praetorian.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: B14C2359B55041968F13F5E71B0DD095 Ref B: FRAEDGE1521 Ref C: 2024-06-27T02:17:13Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.praetorian.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYb1bqrFTbpfD46aT4RFw==

GET
H2 200 font-hotjar_5.65042d.woff2
script.hotjar.com/ 2 KB
3 KB 118ms
38ms Font
font/woff2 13.33.187.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/font-hotjar_5.65042d.woff2

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-74.fra60.r.cloudfront.net

Software

Resource Hash

fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Origin: https://www.praetorian.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 10 Sep 2023 20:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 2ad26f5878b778b17955978bf962dc9a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 25077509
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 08 Sep 2023 09:39:02 GMT
etag: "c9fb9163f8b7be37023ebe649688bebf"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
x-robots-tag: none
x-amz-cf-id: oSjT1sVt504SHfUc-o0Ge2NiqxD68J-a3Eb5D8v76WSXiV2qGbxQ-Q==

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
254 B 59ms
58ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=89211&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pv=1719454633938_ebhgrr7pv&bl=de-de&cb=2516108&return=&ht=&d=&dc=&si=1719454633938_ebhgrr7pv&cid=&s=1600x1200&rp=&v=2.7.3.180
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?275
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:13 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
85 KB 54ms
54ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-973478582

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

63a1791d3aa3e83543b3750290630ba680d6ec819969e9aea1756e1de8da6bc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86558
x-xss-protection: 0
last-modified: Thu, 27 Jun 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 27 Jun 2024 02:17:14 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
0 0ms
0ms Script
application/javascript 2001:2030:21::3e73:fc93
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:2030:21::3e73:fc93 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=34063
accept-ranges: bytes
content-length: 14004

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 38ms
37ms Script
application/javascript 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/dc684754-1ecd-4a72-ab04-f7a433acb0dc.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 Jun 2024 00:42:44 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "666b9204-10980"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18315
expires: Thu, 27 Jun 2024 02:17:14 GMT

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
701 B 163ms
53ms XHR
application/json 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:14 GMT
an-x-request-uuid: 5acd03a7-da98-4f2b-82fe-29d0674c3f6f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.praetorian.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.117; 80.255.7.117; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 51ms
37ms XHR
text/html 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-50-131-152.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.praetorian.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
314 B 231ms
49ms XHR
text/html 2a02:26f0:d200::6010:3671
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:d200::6010:3671 Warsaw, Poland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 50e126ce6f4caca8606dfda7334e0e2927cca6818e6052deb6820567f17e7eca

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:14 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.praetorian.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:93::10
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1719454634450_1611675245_1387346137_16_590_51_100_219";dur=1
content-length: 20
expires: Thu, 27 Jun 2024 02:17:14 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 725 B
709 B 241ms
168ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 1ffad50b911f399d96dcf54250c6d9827040e42f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag dc684754-1ecd-4a72-ab04-f7a433acb0dc
Referer: https://www.praetorian.com/
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 5531743965909612842
date: Thu, 27 Jun 2024 02:17:14 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.praetorian.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 387

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 139ms
40ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.praetorian.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.praetorian.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Thu, 27 Jun 2024 02:17:14 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 259606434991910349

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 149ms
133ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:14 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:14 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 146ms
130ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%222f9e661fff3e404e57be18fe99c7aead%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%221ffad50b911f399d96dcf54250c6d9827040e42f%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22dc684754-1ecd-4a72-ab04-f7a433acb0dc%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:14 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 136ms
134ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A93%3A%3A10%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Requested by

Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:14 GMT

GET
H2 200 core
js.driftt.com/ Frame B53F 0
0 408ms
329ms Document
text/html 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=uet2c95y5w8r&eId=uet2c95y5w8r&region=US&forceShow=false&skipCampaigns=false&sessionId=7100cbb0-0f50-4e4e-999c-4ee285847544&sessionStarted=1719454634.722&campaignRefreshToken=06b59ed6-ef33-464c-9f98-a927a739a9a4&hideController=false&pageLoadStartTime=1719454632677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1719454800000/uet2c95y5w8r.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.praetorian.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 27 Jun 2024 02:17:15 GMT
etag: W/"74a81592f0631c08ef97fa9ab4eb35c0"
last-modified: Fri, 21 Jun 2024 15:56:07 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d4b0acc43b96f7849332ef0fcc29ac32.cloudfront.net (CloudFront)
x-amz-cf-id: p0JeoMpoPxrCKurJ1FKxW3H4yQZytsjKR4Lw-qD1DIFug0PmvxdlFQ==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: SJ6foYnSjzz7jwTNyrUHCGj6UyWE9zz7
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 23

GET
H2 200 chat
js.driftt.com/core/ Frame F337 0
0 407ms
330ms Document
text/html 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1719454632677

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1719454800000/uet2c95y5w8r.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.praetorian.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 27 Jun 2024 02:17:15 GMT
etag: W/"74a81592f0631c08ef97fa9ab4eb35c0"
last-modified: Fri, 21 Jun 2024 15:56:07 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d4b0acc43b96f7849332ef0fcc29ac32.cloudfront.net (CloudFront)
x-amz-cf-id: luC-ObnEFLn2jT5cz2qa_KEZk1Dhebu0KX7qzAmgiKavw9SodFE6Vw==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: SJ6foYnSjzz7jwTNyrUHCGj6UyWE9zz7
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 46

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 225ms
171ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.praetorian.com
URL: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
x-amz-version-id: az1JGSQ.qou05rXeP8ubGTGmlUNWgCp9
via: 1.1 c0f6d569dc3603537a21705f48d93398.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: BAH53-C1
age: 53261
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Jun 2024 11:29:23 GMT
server: cloudflare
etag: W/"e3c441f75699329acb887bf918f755c9"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 89a1f08b8f0aaca9-TXL
x-amz-cf-id: -oa4RIeASk3ZOvH9p81Dg4-0Spl1JbWdclqcJK6yOYdj16JvS-3y1A==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
753 B 255ms
168ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&t=Compromising+F5+BIGIP+with+Request+Smuggling+%7C&cts=1719454634738&vi=699cfd2b318fb58ed3a0b47cf3d24e10&nc=true&u=185921974.699cfd2b318fb58ed3a0b47cf3d24e10.1719454634735.1719454634735.1719454634735.1&b=185921974.1.1719454634735&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2dce6798-c287-49f5-9672-d7efadd00a78
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 11
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2dce6798-c287-49f5-9672-d7efadd00a78
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVDhMtX4KORzUICzKY5ZVTOuU0%2BXamNBjCAmrqBufF%2B9Avq%2FKpu%2Fn5BZaMDK0l4ulLSIb0TXZLp6E9Rwu215f4XOwmjsYFWcWKnGELcEKJjUWImsROc6Xw5bmk9xjNm%2BhwkayuOQfzL5GEzAIfgv"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-nxqrk
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 89a1f08bcd05bbf7-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 248ms
167ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=5e57e01a-cf69-4eaa-85b5-696d7fc41105&fci=7f5fd8c0-66da-4cf8-a0d3-777bf9e57f5a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&t=Compromising+F5+BIGIP+with+Request+Smuggling+%7C&cts=1719454634740&vi=699cfd2b318fb58ed3a0b47cf3d24e10&nc=true&u=185921974.699cfd2b318fb58ed3a0b47cf3d24e10.1719454634735.1719454634735.1719454634735.1&b=185921974.1.1719454634735&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8be07553-db24-4fa4-a811-620730224bd3
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8be07553-db24-4fa4-a811-620730224bd3
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Kqf8yUaC3efJMbOh3wB5f6fLzcj%2FXrFHS%2FnrozfFRVaVS7BtR2Si5Cu%2B6cficsahUaKCCyvmU3whiIk5LOUzL5En%2FKoouw9XU53RDvyREmRomBZhcAVBxraLa87b7chXB8E8EKPYIgttL%2Fd%2BJHT"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-4g7wv
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 89a1f08bcd06bbf7-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
597 B 248ms
168ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=5e57e01a-cf69-4eaa-85b5-696d7fc41105&fci=7f5fd8c0-66da-4cf8-a0d3-777bf9e57f5a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=22265125&ct=blog-post&rcu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pu=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&t=Compromising+F5+BIGIP+with+Request+Smuggling+%7C&cts=1719454634740&vi=699cfd2b318fb58ed3a0b47cf3d24e10&nc=true&u=185921974.699cfd2b318fb58ed3a0b47cf3d24e10.1719454634735.1719454634735.1719454634735.1&b=185921974.1.1719454634735&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 690ddcf5-001d-4d80-b45b-e3e07f687568
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 690ddcf5-001d-4d80-b45b-e3e07f687568
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G2NyXWMeissTQ2GfhuIDmWljDuumLwOp6qlmMpgHjB7bE%2F%2F8qfZXOy1F8hN8dakQaxiBQOmhCGq1BJd%2BgN%2F3GONrqJWi0IwfbFRPB1pcuz0O4WQ8HkaG9VqAb8flSZpM64CajQgNYIIC2AKDQSDz"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-4g7wv
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 89a1f08bcd07bbf7-FRA
x-robots-tag: none

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
519 B 958ms
957ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 47bbe1cb5f5a139efef4c4d1f3ef7dc5d541524494c0893eed8f93e4c6556b2b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer d2849480311681745459
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.praetorian.com/
visited_url: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

Response headers

date: Thu, 27 Jun 2024 02:17:17 GMT
via: 1.1 1484e663ceddae5460cfdb19a3c7d448.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: BAH53-C1
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: aATDDhVdPHcEPxw=
server: cloudflare
etag: W/"92-Mwv+lj1jSYAXB/lChO/ahl+X4IY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 89a1f093cf9558de-TXL
x-amz-cf-id: 4TX8S9uDlzdNEf79bfYHGIrcSd8V5JdX7iFfjaiXE7ouCh2bJ67A5Q==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 1148ms
1107ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.praetorian.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: aATC6hxqPHcEPGA=
cf-cache-status: DYNAMIC
cf-ray: 89a1f08cddbe58de-TXL
date: Thu, 27 Jun 2024 02:17:16 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 6875e0a7bd9edbe1e31cf13567cf2626.cloudfront.net (CloudFront)
x-amz-cf-id: 2Zd6a5xu4Zm6rx0iWPsgt38tbeDzZeOy7k8U_9vn_CDJ5OsXonujvQ==
x-amz-cf-pop: BAH53-C1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 131ms
130ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A14%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:15 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:15 GMT

GET
H2 200 cropped-Praetorian-Favicon-32x32.png
www.praetorian.com/wp-content/uploads/2021/01/ 1 KB
2 KB 149ms
148ms Other
image/png 146.148.61.165
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.praetorian.com/wp-content/uploads/2021/01/cropped-Praetorian-Favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

146.148.61.165 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

165.61.148.146.bc.googleusercontent.com

Software

nginx /

Resource Hash

562f63e0d349529b85a7731c44f4890b86d4005bddd37a8a545a63898467fb38

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:15 GMT
content-security-policy: frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
last-modified: Wed, 29 May 2024 20:53:04 GMT
server: nginx
etag: "665795b0-580"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1408

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 134ms
133ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A15%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:16 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:16 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 134ms
134ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:16 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:16 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/ 3 KB
2 KB 456ms
413ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6959c87d7cbcc4b7f8b2af1a5902fb3c8faeb003357ae54d989284195d99b416

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
Referer: https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
_vtok: ODAuMjU1LjcuMTE3
_zitok: ceaff4a3ffa1dbb811871719454636
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 02:17:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.praetorian.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 89a1f09ba9852681-TXL

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/ Frame 0
0 250ms
197ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/643d69ab01de62a7d084c0dd/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.praetorian.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.praetorian.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 89a1f09a1bb02671-TXL
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 27 Jun 2024 02:17:17 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 133ms
133ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A16%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:17 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:17 GMT

GET
BLOB 200
OK cc75d36f-af2d-440b-ab6f-d9a02b9bacf3 Show response
https://www.praetorian.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.praetorian.com/cc75d36f-af2d-440b-ab6f-d9a02b9bacf3
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6959c87d7cbcc4b7f8b2af1a5902fb3c8faeb003357ae54d989284195d99b416

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 2954
Content-Type: text/javascript

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 134ms
134ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A17%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:18 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:18 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 46ms
45ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-WG4YYDQ1NH&gtm=45je46q0v888757690z8859579073za200&_p=1719454632572&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&gdid=dZTNiMT&cid=244833291.1719454634&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAC&_s=2&sid=1719454633&sct=1&seg=1&dl=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&dt=Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C&en=page_view&_et=37&up.ClearbitTrafficType=Non-Company&up.ClearbitCompanyName=Non-Company&up.ClearbitCompanyDomain=Non-Company&up.ClearbitIndustry=Non-Company&up.ClearbitHQCountry=Non-Company&up.ClearbitHQState=Non-Company&up.ClearbitHQCity=Non-Company&up.ClearbitEmployeeRange=Non-Company&up.ClearbitEstimatedRevenueRange=Non-Company&tfd=7449&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WG4YYDQ1NH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.praetorian.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 135ms
135ms Image
image/gif 23.50.131.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=2f9e661fff3e404e57be18fe99c7aead&svisitor=null&visitor=c57b895f-707f-41db-8595-5b7f6ee5c9df&session=65502eb1-7a50-4cbb-8d9e-d6c389597e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2027%20Jun%202024%2002%3A17%3A18%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Our%20team%20identified%20a%20request%20smuggling%20vulnerability%20that%20led%20to%20complete%20compromise%20of%20an%20F5%20system%20with%20the%20TMUI%20exposed.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Compromising%20F5%20BIGIP%20with%20Request%20Smuggling%20%7C%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.praetorian.com%2Fblog%2Frefresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747%2F&pageViewId=19518afb-5fd2-4bcc-8e40-54bbd7d19a75&an_uid=0&webTagId=dc684754-1ecd-4a72-ab04-f7a433acb0dc&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.50.131.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-50-131-152.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.praetorian.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 27 Jun 2024 02:17:19 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 27 Jun 2024 02:17:19 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54H7Q6G

Domain: www.praetorian.com
URL: https://www.praetorian.com/wp-content/uploads/2023/10/F5-POC-Video.mp4?_=1

Verdicts & Comments Add Verdict or Comment

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-20 21:37:36	Name: __cf_bm Value: tkFCJzC1BZiQ61WvQhW0KGm0iFj6.a12zFPfGPS.UUs-1719454632-1.0.1.1-JCL.2Weu_aYN.Iy7q.vcSqIBnkinuRwO0sZijRV7VAWaBJCMAKf9f.F6UjOrFt1Mk86.QcDhQ1tuODfqS7wLUQ
.praetorian.com/	1970-01-21 07:13:34	Name: _ga Value: GA1.1.244833291.1719454634
.praetorian.com/	1970-01-20 23:47:10	Name: _gcl_au Value: 1.1.310581215.1719454634
.praetorian.com/	1970-01-21 07:13:34	Name: _ga_WG4YYDQ1NH Value: GS1.1.1719454633.1.1.1719454633.60.0.0
.linkedin.com/	1970-01-20 23:47:10	Name: li_sugr Value: 15799e44-ae02-4dca-85fa-ed8610b79fef
.praetorian.com/	1970-01-21 06:23:10	Name: _hjSessionUser_2851712 Value: eyJpZCI6IjQzYzkzMDlkLWJkYTAtNTYyNy1hYjhhLTU2MzVkMWE1ZDhhNyIsImNyZWF0ZWQiOjE3MTk0NTQ2MzM3NTUsImV4aXN0aW5nIjpmYWxzZX0=
.praetorian.com/	1970-01-20 21:37:36	Name: _hjSession_2851712 Value: eyJpZCI6ImI1NzA5YmE2LTY5NmQtNDIwMC04YjlhLTkyZDYyYjBiYjQwMCIsImMiOjE3MTk0NTQ2MzM3NTYsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.linkedin.com/	1970-01-20 22:20:46	Name: UserMatchHistory Value: AQL4_6qVHzMGbQAAAZBXe49oU9Q5HwqkL_0vLe9NWhpe1PDSg-oVQwG4b-X5tCvGqF9LJ3TXlNuVYA
.linkedin.com/	1970-01-20 22:20:46	Name: AnalyticsSyncHistory Value: AQLBiBNLeVU-OgAAAZBXe49oUxwDOLS1LcfWSv4EODpgNkMUy3eso5NuB4uhpKDIQYBRcC3OJ1qJrAijdtfTQw
.hsforms.com/	1970-01-20 21:37:36	Name: __cf_bm Value: jT2zcQx5r_FDSvCPqV7zr9W2._JSw5JFWgPFfntoy2o-1719454633-1.0.1.1-WpwpYZcLD6gkC5Q6nieAk8zO9G.raujPGM_Q2WWr.bdyo_lKVKn4goxG88Vxly1RJ0Sx.utwYCTAxcufuYSmLg
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: x69k0xnk8xsTc7bsI2uaCywhZqj9vv7Ya.Y5jif84SQ-1719454633944-0.0.1.1-604800000
.www.linkedin.com/	1970-01-21 06:23:10	Name: bscookie Value: "v=1&2024062702171454ca1c4d-a1cc-4652-82ed-677123e9a121AQETpbszybuQpCO1EPC1YqKrgHYLvDYp"
.linkedin.com/	1970-01-20 21:39:01	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2901:u=1:x=1:i=1719454634:t=1719541034:v=2:sig=AQETrMWb2kxFs8UkRw3FVjZGnGClj-fi"
.linkedin.com/	1970-01-21 06:23:10	Name: bcookie Value: "v=2&62182df5-3c4f-4b50-82e9-7def4eff907c"
.linkedin.com/	1970-01-21 01:56:46	Name: li_gc Value: MTswOzE3MTk0NTQ2MzQ7MjswMjH3WWABASTQnbO66AD83xTkPdxJv7zpQS4RZANdZP08zQ==
.adnxs.com/	1970-01-21 07:13:34	Name: receive-cookie-deprecation Value: 1
www.praetorian.com/	1970-01-20 21:47:39	Name: _an_uid Value: 0
www.praetorian.com/	1970-01-21 07:13:34	Name: _gd_visitor Value: c57b895f-707f-41db-8595-5b7f6ee5c9df
www.praetorian.com/	1970-01-20 21:37:49	Name: _gd_session Value: 65502eb1-7a50-4cbb-8d9e-d6c389597e3b
www.praetorian.com/	1970-01-20 21:37:36	Name: drift_campaign_refresh Value: 06b59ed6-ef33-464c-9f98-a927a739a9a4
.praetorian.com/	1970-01-21 01:56:46	Name: __hstc Value: 185921974.699cfd2b318fb58ed3a0b47cf3d24e10.1719454634735.1719454634735.1719454634735.1
.praetorian.com/	1970-01-21 01:56:46	Name: hubspotutk Value: 699cfd2b318fb58ed3a0b47cf3d24e10
.praetorian.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.praetorian.com/	1970-01-20 21:37:36	Name: __hssc Value: 185921974.1.1719454634735
.hubspot.com/	1970-01-20 21:37:36	Name: __cf_bm Value: 5bG4cSIS.SmY7whuLs6HsOA2eRl1yaHVcizawT_wxpQ-1719454634-1.0.1.1-xJi3mE1bGgmcW9P9bQKWav81I58U8EwnEIyyQTmtUjenrLe5HNX36dkbqLiNO_w0qr8FHkZJnw_Z2tN8.VGHTA
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: D957vpcJwP9W3hC1ciToCl81Tw0P8g5eg0ZoI4lCXwI-1719454634975-0.0.1.1-604800000
www.praetorian.com/	1970-01-21 07:13:34	Name: drift_aid Value: 20b3f37e-f863-4487-aa29-425c56bb0e50
www.praetorian.com/	1970-01-21 07:13:34	Name: driftt_aid Value: 20b3f37e-f863-4487-aa29-425c56bb0e50
.www.praetorian.com/	1970-01-21 06:23:10	Name: _zitok Value: ceaff4a3ffa1dbb811871719454636
.zoominfo.com/	1970-01-20 21:37:36	Name: __cf_bm Value: _k87rcBj9YHrz9F_P5oIppgKaPJRT092C340WZmulQ8-1719454637-1.0.1.1-dH0btOHurm_3iOGpcIkEjOn8FChEkOS6sXbdF_rCDKTVh9h0rzKdhhwTWi7LGvuS6KBi4Q_ZjjOjLJOIOkGtqg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: rn.ryOnwcnTJY6m49I6tcBpjOiM96PDWLpEOMiINLEA-1719454637756-0.0.1.1-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://tag.clearbitscripts.com/v1/pk_a49fe994c44a9c991691f43c10330c9f/tags.js Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://js.driftt.com/include/1719454800000/uet2c95y5w8r.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com .google.com .youtube.com .doubleclick.net .twitter.com .hsforms.com .hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com js.driftt.com widget.drift.com; frame-ancestors 'none';
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
b.6sc.co
c.6sc.co
epsilon.6sense.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
grow.clearbitjs.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.zi-scripts.com
ml314.com
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
tag.clearbitscripts.com
track.hubspot.com
use.typekit.net
ws.zoominfo.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.praetorian.com
www.googletagmanager.com
www.praetorian.com
104.16.117.43
104.18.141.119
104.19.175.188
13.107.42.14
13.33.187.74
146.148.61.165
172.217.16.195
172.64.150.44
18.245.86.73
18.245.86.77
18.66.102.106
2001:2030:21::3e73:fc89
2001:2030:21::3e73:fc93
2001:4860:4802:32::36
216.24.57.4
216.58.206.40
23.50.131.152
2600:9000:2670:9a00:7:d7d6:3c40:93a1
2606:4700:4400::6812:22e5
2606:4700::6810:6efe
2606:4700::6810:7674
2606:4700::6810:8dd1
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6812:f06c
2620:1ec:21::14
2a00:1450:4001:81c::2008
2a00:1450:400c:c0b::9d
2a02:26f0:480:f::213:7edb
2a02:26f0:d200::6010:3671
34.117.77.79
37.252.171.85
76.223.9.105
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5
1b52c6a2e51fe8d9a185649b9b7cffb2c1862ec60cf612070432c1ac4109c06e
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c485d8f496ba2640736e239d23fb42393d41a0b5b0c03dad113b2d2e26b68af
1f23f74bd4bda9fc5092ba34675f43d4acf2e635010a21effeaca79d7ea5d458
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
1fb7c0840941cfb0c984be505c08b3adcf60131a957cce45f91726017c771fa5
202f0d4e1127ce8b1a3029ac6724c6c081d5b7936b0c81ea3f42862618fc22c6
2037c0cffae2688b5332df106c910e1532df3643c28b9023ff746645acda3f70
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3207a467556090b6d0107d8a636d62b8b65786050b543a71b11b95c2a46ccc59
417debb36c2433e8aac621b9b88cef9aee936879ee30051b8724b606bcc84fd9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47bbe1cb5f5a139efef4c4d1f3ef7dc5d541524494c0893eed8f93e4c6556b2b
4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663
50e126ce6f4caca8606dfda7334e0e2927cca6818e6052deb6820567f17e7eca
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
5480f50b06c3d59b71e7e6a315d3e237424d6b411caac45558b88b84bcb28656
55cb7986aa2cdd3e35ebf4be8d112aa27ce2a473d7914483f31ecc6dfbd1bf21
562f63e0d349529b85a7731c44f4890b86d4005bddd37a8a545a63898467fb38
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5e030eae4a6e596d1c9d4126736046d899bb59d1aa3d0b8b6d9e34a55cef3f9a
62d0cd7a745e6ff47760454cf0e9abcf8e07ea0e37618f9ecddda4602edd5453
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
63a1791d3aa3e83543b3750290630ba680d6ec819969e9aea1756e1de8da6bc9
6959c87d7cbcc4b7f8b2af1a5902fb3c8faeb003357ae54d989284195d99b416
6a980933b39409d97cd947dd6dc1837de2e49e87c7d9903122adb293cc8404cf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b586b2a4a4a9cfd6bf2850251f09ed7ca8465857815f95bec3cbe529bf7ec37
6c4bdad53042e2bd6e5a231bfcd66d19dc33f507edc2b847ff3c58aca74ff138
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
73046786c30c176b61049789a06ce4461655927faf28d1bab2aa9e4547949620
743c4b93ab02f0ece15aa8bdb1f7b5d57e1753fe5ef6d320612ee0888e1196c6
773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7
7e93aa9eec4d6341f32f8f81fd9a1865413878bb08addce9c0fbafdfcd4e1ff6
866a99f24925760f4180147306e9a5410a6538edf3ed5e9342c550016683e605
878130b86e81304bd9d8afd8a8c5bc6c2d03194a3917e5bab3ddfa9eb3a07cb3
8f86d82c79073ffc876c2fdd10fe4b208a3a445c5ea331fadccc465a154b9a66
91d8b14a30057559482761055b980f053c412c7a25d4ae5b9756b6afe77cf6c7
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
9612e8740a4bc6cc15b7c4ed79ab3085a17461a38b0288bf4d24d5c06126f9ce
97c93526e3f8fe46ecf144bbe83442d7e0d6458021d47039b7db77b32918f530
97f9f04de0f4285cdd230fbb044ea90f7311708d428dba633adbbf68bd7a75ea
a417960751356272d97f187586475adc3b03945418727de6b2648676afae4467
a60e4a6f8b89cbd1debcd7f90a0e60099a7caa9490a3c5305b18cb094c53dd4b
ad55816ac6c62f214e60a1913ff4f0215ab329034cbc7436a5514941449ca7b9
b084305ba75c61a6309a9dec021937b5d7674640f9017527dda68bf72312e882
b37d6ceb18bd6e71b64d0e285a135415906eb7774bf8379759e3fd56c06af035
b475b2648fbcf6b9f1535198a5f52c11dc0bb9ed88bbf93d39eb1be9a391edc4
b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8
bfea99904678b54cf87ca008ebd5935761797c52814af8a770898f74c568e389
c114a5641b9988aecb7a00c47bd1d37d912883ff4ef9c3b9fe6ad21603ab1066
ca2c0be92297bf5746817d5591fd37cc34ea4c72b9f5d6ff1f45fb3abee97109
cc11053ef6ce76132604a22471bdb3321aab993411ab5ac10a3cfdaebba51aa9
cdb8db11562ba0702b78d5e0eca70f5b56bcabcc470b45b68881a33511625c46
ce51237183faac35aa45751edf0e827fdeb88b729af4dd521dbab869fc15cc6e
d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98
d6179d30f86229f152bdece596a99629e9804213b9d3f8b3fd53cfa5baa074e4
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115
daf2b708206f51b8cacaabe9486a081da986eb7443d65d8ef2d3da36ae848728
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb017b11346c44f8c491900723c7095f74223487be55b56751064e8cc0034654
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
eb7f4b254b63205896168d1b3713659e85cb6e38df4297063517104c22dd5510
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7085b8cb031174e44bfff6d7a12f931bf5948b9cb9d6997814dc7812464fce7
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ffcdccc72678d788b0fa938f4473f606dd68db5c0a978bcb416a17ab8ce716c8

www.praetorian.com Open in urlscan Pro 146.148.61.165 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

103 Requests

93 %HTTPS

48 %IPv6

27 Domains

36 Subdomains

34 IPs

6 Countries

1772 kBTransfer

4358 kBSize

31 Cookies

34 Outgoing links

Page URL History

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.praetorian.com Open in urlscan Pro
146.148.61.165 Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

93 %
HTTPS

48 %
IPv6

27
Domains

36
Subdomains

34
IPs

6
Countries

1772 kB
Transfer

4358 kB
Size

31
Cookies

103 HTTP transactions
6 data transactions