www.smokescreen.io Open in urlscan Pro
2600:9000:211a:9e00:5:a05f:2c80:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.smokescreen.io/wp-content/uploads/2016/08/Top-20-Lateral-Movement-Tactics.pdf
Effective URL:
https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
Submission Tags: falconsandbox
Submission: On June 13 via api (June 13th 2021, 1:31:37 pm UTC) from US

Summary HTTP 119 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 36 IPs in 4 countries across 28 domains to perform 119 HTTP transactions. The main IP is 2600:9000:211a:9e00:5:a05f:2c80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.smokescreen.io.
TLS certificate: Issued by Amazon on September 7th 2020. Valid for: a year.

This is the only time www.smokescreen.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 46	2600:9000:211... 2600:9000:211a:9e00:5:a05f:2c80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:211... 2600:9000:211a:3a00:1f:f723:6fc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:6c0... 2a02:26f0:6c00:2b0::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
6	2620:1ec:29::67 2620:1ec:29::67	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.193.131 151.101.193.131	54113 (FASTLY) (FASTLY)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6811:ebcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:82ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:73b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.86.241.65 99.86.241.65	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.225.74.129 13.225.74.129	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:b749	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6811:7d2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.208.59.234 3.208.59.234	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	34.255.184.223 34.255.184.223	16509 (AMAZON-02) (AMAZON-02)
119	36

46 2600:9000:211a:9e00:5:a05f:2c80:93a1 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

www.smokescreen.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211a:3a00:1f:f723:6fc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:2b0::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:29::67 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.131 (United States)

ASN54113 (FASTLY, US)

e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ebcc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:82ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:73b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.241.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-241-65.vie50.r.cloudfront.net

assets.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.74.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-74-129.fra2.r.cloudfront.net

serve.albacross.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b749 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:7d2 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cbcc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.208.59.234 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-59-234.compute-1.amazonaws.com

gc.smokescreen.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.255.184.223 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-184-223.eu-west-1.compute.amazonaws.com

new-collect.albacross.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	smokescreen.io 3 redirects www.smokescreen.io gc.smokescreen.io	893 KB
14	gstatic.com www.gstatic.com fonts.gstatic.com	532 KB
8	google.com www.google.com	69 KB
8	clarity.ms 1 redirects www.clarity.ms c.clarity.ms	23 KB
7	hubspot.com api.hubspot.com app.hubspot.com track.hubspot.com	21 KB
5	hsappstatic.net static.hsappstatic.net	221 KB
4	albacross.com serve.albacross.com new-collect.albacross.com	5 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
3	hsforms.com forms.hsforms.com perf.hsforms.com	2 KB
2	google.de www.google.de	171 B
2	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
2	facebook.com www.facebook.com	235 B
2	ubembed.com e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com assets.ubembed.com	47 KB
2	facebook.net connect.facebook.net	98 KB
2	licdn.com snap.licdn.com	4 KB
2	googletagmanager.com www.googletagmanager.com	89 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	hubapi.com api.hubapi.com	1002 B
1	hsforms.net js.hsforms.net	135 KB
1	hsadspixel.net js.hsadspixel.net	3 KB
1	hscollectedforms.net js.hscollectedforms.net	24 KB
1	hs-banner.com js.hs-banner.com	15 KB
1	hs-analytics.net js.hs-analytics.net	19 KB
1	usemessages.com js.usemessages.com	20 KB
1	bing.com 1 redirects c.bing.com	439 B
1	hs-scripts.com js.hs-scripts.com	1 KB
1	lfeeder.com sc.lfeeder.com	7 KB
119	28

	Domain	Requested by
46	www.smokescreen.io	3 redirects www.smokescreen.io
9	www.gstatic.com	www.google.com www.gstatic.com
8	www.google.com	www.smokescreen.io js.hsforms.net www.gstatic.com www.google.com
6	www.clarity.ms	www.smokescreen.io www.clarity.ms
5	fonts.gstatic.com	www.google.com
5	static.hsappstatic.net	app.hubspot.com static.hsappstatic.net
3	new-collect.albacross.com
3	track.hubspot.com
3	api.hubspot.com	js.usemessages.com static.hsappstatic.net
2	www.google.de	www.smokescreen.io
2	forms.hsforms.com	www.smokescreen.io js.hsforms.net
2	c.clarity.ms	1 redirects www.smokescreen.io
2	www.facebook.com	www.smokescreen.io
2	px.ads.linkedin.com	2 redirects
2	connect.facebook.net	www.smokescreen.io connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com js.hsadspixel.net
2	www.googletagmanager.com	www.smokescreen.io js.hsadspixel.net
2	www.google-analytics.com	www.smokescreen.io www.google-analytics.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	gc.smokescreen.io	www.smokescreen.io
1	api.hubapi.com	www.smokescreen.io
1	perf.hsforms.com	www.smokescreen.io
1	stats.g.doubleclick.net	www.smokescreen.io
1	js.hsforms.net	www.smokescreen.io
1	app.hubspot.com	js.usemessages.com
1	serve.albacross.com	www.smokescreen.io
1	assets.ubembed.com	e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	c.bing.com	1 redirects
1	px4.ads.linkedin.com	www.smokescreen.io
1	www.linkedin.com	1 redirects
1	e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com	www.googletagmanager.com
1	js.hs-scripts.com	www.googletagmanager.com
1	sc.lfeeder.com	www.googletagmanager.com
119	39

This site contains links to these domains. Also see Links.

Domain
in.linkedin.com
twitter.com

Subject Issuer	Validity	Valid
*.smokescreen.io Amazon	`2020-09-07` - `2021-10-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.lfeeder.com Amazon	`2020-09-04` - `2021-10-06`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2021-06-01` - `2022-06-01`	a year	crt.sh
*.js.ubembed.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
c.msn.com Microsoft RSA TLS CA 02	`2021-02-03` - `2022-02-03`	a year	crt.sh
assets.ubembed.com Amazon	`2021-03-06` - `2022-04-04`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-10` - `2022-06-09`	a year	crt.sh
*.albacross.com Amazon	`2020-09-21` - `2021-10-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2021-06-10` - `2022-06-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
gc.smokescreen.io R3	`2021-04-10` - `2021-07-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
Frame ID: 4E1F837DE9C65CA406613DA5309B08D5
Requests: 98 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/7870773/threads/utk/b508323944e14ed3b682ab7c1cd65d6b?uuid=ed15b2132d9b48ccb83f05054dd65825&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=smokescreen.io&inApp53=false&messagesUtk=b508323944e14ed3b682ab7c1cd65d6b&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 0C8070940E0CB6C65535AFFC0331487D
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc21va2VzY3JlZW4uaW86NDQz&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&badge=inline&cb=gwjv92vdd4oc
Frame ID: C26B9FBA895BE448CE5562083418CE40
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6
Frame ID: 80C79D3F7E905D83C0DD3C01E782883B
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.smokescreen.io/wp-content/uploads/2016/08/Top-20-Lateral-Movement-Tactics.pdf HTTP 301
https://www.smokescreen.io/resources/the-top-20-lateral-movement-tactics HTTP 301
https://www.smokescreen.io/resources/the-top-20-lateral-movement-tactics/ HTTP 301
https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/ Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i
headers server /^AmazonS3$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

119
Requests

100 %
HTTPS

79 %
IPv6

28
Domains

39
Subdomains

36
IPs

4
Countries

2263 kB
Transfer

5304 kB
Size

13
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://in.linkedin.com/company/smokescreen-technologies-pvt--ltd-
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/smokescreentech
Title: Twitter

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.smokescreen.io/wp-content/uploads/2016/08/Top-20-Lateral-Movement-Tactics.pdf HTTP 301
https://www.smokescreen.io/resources/the-top-20-lateral-movement-tactics HTTP 301
https://www.smokescreen.io/resources/the-top-20-lateral-movement-tactics/ HTTP 301
https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D331443%26time%3D1623591078800%26url%3Dhttps%253A%252F%252Fwww.smokescreen.io%252Flibrary%252Fsiege-craft%252Ftop-lateral-movement-techniques%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&liSync=true&e_ipv6=AQL5RS0DvL-zKQAAAXoFkc2kQaMZt132Rs-lSwQWH_sWFEjDMciE0J5Zloub8OO1k36BKI6q

Request Chain 33

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=88B24A21B3D143F9B5F3D4056FC895CD&RedC=c.clarity.ms&MXFR=0A8609D8E2A067B4100F198DE6A0699C HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=88B24A21B3D143F9B5F3D4056FC895CD&MUID=2AD6AFBB2132676C14ADBFEE20596677

119 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
Redirect Chain

https://www.smokescreen.io/wp-content/uploads/2016/08/Top-20-Lateral-Movement-Tactics.pdf
https://www.smokescreen.io/resources/the-top-20-lateral-movement-tactics
https://www.smokescreen.io/resources/the-top-20-lateral-movement-tactics/
https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

209 KB
42 KB

500ms
500ms

Document
text/html

2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

df3addab490fb30cc123c4b8325ca343429fdc6d356a435065f3d2d7fad792fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.smokescreen.io
:scheme: https
:path: /library/siege-craft/top-lateral-movement-techniques/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html
date: Sun, 13 Jun 2021 13:31:19 GMT
last-modified: Wed, 19 May 2021 08:35:52 GMT
etag: W/"7a6d5a51e3311f00f85c7746f2836e6d"
x-amz-server-side-encryption: AES256
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
referrer-policy: no-referrer, strict-origin-when-cross-origin
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-cf-id: nBfzkVQs0Ob5_FD48BNBPAKVA7o8lK9FT8bLpGiWSI92nXS62mmX7A==

Redirect headers

content-length: 0
server: CloudFront
date: Sun, 13 Jun 2021 13:31:17 GMT
location: /library/siege-craft/top-lateral-movement-techniques/
x-cache: Miss from cloudfront
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
x-amz-cf-id: RSMGZYP8JG97XxUyXHWt0FOMUbvUb-wmQLHOVZ3fuVMMZrQ-c-WJeA==

GET
H2 200 webpack-runtime-f2bc20379992ceedefd8.js Show response
www.smokescreen.io/ 7 KB
3 KB 187ms
185ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/webpack-runtime-f2bc20379992ceedefd8.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

993ace390132db4b18cc6804227d768a1b80ab1b4850c160c92be5c2a8b6d5ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /webpack-runtime-f2bc20379992ceedefd8.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:36:10 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"4ae1bcd8e0ba95c45b9ee15149255607"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: RmX6npAYL6ATNeI870tpyXKnPU7TI4an6AEQdv_JwGQe8Mn77QKsLw==

GET
H2 200 framework-c181fe753039cdd804e3.js Show response
www.smokescreen.io/ 126 KB
40 KB 503ms
501ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/framework-c181fe753039cdd804e3.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a1979444926f369a1fc64bcaa34b55f97f3c3efa32528bf37d662436ce38c76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /framework-c181fe753039cdd804e3.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"b7bca4d1b7f1ba98fbccff71fd5708f5"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: 5ITmhIaliHAoEEL4bGCABRfJfUUpLzRBL9hddGoAY29teo1XmqMVpg==

GET
H2 200 app-c7efa3ffa09fe5073e2c.js Show response
www.smokescreen.io/ 96 KB
32 KB 237ms
235ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ff456a6ed10e9e2921af692e24717f8428678721a32f4b250b774d34ac67a9e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /app-c7efa3ffa09fe5073e2c.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"1acd88c2269ce1c3c0d20f2035bd7f80"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: bUjK6e6lWfMLinIKM2jlJwuyQjvmOyoG917o8CyuJp-STH-32E9awg==

GET
H2 200 styles-e9d24b1846c7d6eb9685.js Show response
www.smokescreen.io/ 117 B
733 B 217ms
215ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/styles-e9d24b1846c7d6eb9685.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

dba17f1b29b3b3637d709f951023ea1655b08c6b4f40fd612c5e927ba72829fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /styles-e9d24b1846c7d6eb9685.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 117
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:36:10 GMT
server: AmazonS3
x-frame-options: DENY
etag: "f367d62f97c2d05f875986401342cb1f"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: 7qKB30LP61Iu1feyME_Exf9aNg5RbzeA7AVBXRJhuDRBIQ8hLAIjng==

GET
H2 200 commons-27f14328c37039684413.js Show response
www.smokescreen.io/ 49 KB
19 KB 586ms
584ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/commons-27f14328c37039684413.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1a059af6b3e5a93f094f52563944e210bc6a93cd0e74c4339b7432c19f958a76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /commons-27f14328c37039684413.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"971077582969d66e877360e6239db451"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: zfk8YCpSltdwXBoON0Mz-Qp-mioMbx4k5nHRFPyaXSGFW2n1pX8m5w==

GET
H2 200 142d7930f270cfe45a28d5c47499807a4127ecae-6ce40c8af7b254456bd4.js Show response
www.smokescreen.io/ 19 KB
8 KB 789ms
788ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/142d7930f270cfe45a28d5c47499807a4127ecae-6ce40c8af7b254456bd4.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f5e54dff09bbbc430b4cb92529ee7700e102aa9263c5ce69cf4eaf1174e6e6cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /142d7930f270cfe45a28d5c47499807a4127ecae-6ce40c8af7b254456bd4.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"82c3fb9fef12972ec07fa1d01fc59dc3"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: jhvE8T9-RJKLhZvIwCe0waEQ2xu41S6_rLLDkm-ZiTCqotmxIKlcYQ==

GET
H2 200 component---src-templates-siege-craft-js-eaae03699af067d932ae.js Show response
www.smokescreen.io/ 13 KB
5 KB 1103ms
1102ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-templates-siege-craft-js-eaae03699af067d932ae.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7eed4436c264ceb760c39e0cc4200122ebf2981db513e30ca8da2ef62313f746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /component---src-templates-siege-craft-js-eaae03699af067d932ae.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"51618b7e00e8f1d5c9901dc3e7698245"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: yzxoWa9nYkQeWmueZXkLl8AmDQbXcBtVtxcrTKZs6yt0JwINo7I8fw==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/library/siege-craft/top-lateral-movement-techniques/ 5 KB
3 KB 249ms
248ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/library/siege-craft/top-lateral-movement-techniques/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

aecdf4141f48d868606bb0d1a46fa67a8e920644db973cbb1f4e4b4d0d6df256

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/library/siege-craft/top-lateral-movement-techniques/page-data.json
pragma: no-cache
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"e171c01d3645dbbdb934c4b153e4949d"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: BTv3aBruDf-k_gIVX0-Pfa5IDy3yy-VWY7coXq8O69xkddidUMymug==

GET
H2 200 1478079672.json
www.smokescreen.io/page-data/sq/d/ 318 B
926 B 504ms
503ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/sq/d/1478079672.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

da522c47fc8e72ce7c3f6246b9e116d700b35ebf64f6fc3be0020b76511270c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/sq/d/1478079672.json
pragma: no-cache
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 318
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "2f3208a36a731912eb314733ef29d6db"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: n7KaiK9at7-TwYF7wl3DXMjyfJ9VpdRcmnTa_6dd1iPbHNA2vbqaTA==

GET
H2 200 app-data.json
www.smokescreen.io/page-data/ 50 B
657 B 804ms
803ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/app-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

98cc1710990a16be464aaef1d702d25076cdfba8a7690fc6a10983c3d876b5b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/app-data.json
pragma: no-cache
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 50
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "92b4bc49dbe012245756a012bc8b3964"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: lFs3xxcR9v-xAGo7Jodw5uBz660DnzNmS-kiojYY_M6iwH8PcLtarw==

GET
H2 200 logo-dark-45887eb404eb332993e63df7970894e9.png
www.smokescreen.io/static/ 32 KB
33 KB 1028ms
1027ms Image
image/png 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.smokescreen.io/static/logo-dark-45887eb404eb332993e63df7970894e9.png

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

101710e14b85d2c13f2cde7c0504b1eda3e8635311f94657d329a63286a9be12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /static/logo-dark-45887eb404eb332993e63df7970894e9.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 32667
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:36:10 GMT
server: AmazonS3
x-frame-options: DENY
etag: "45887eb404eb332993e63df7970894e9"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: TuIGKxiWIEtuoMo3aAkTeglwE62gYomoXGuZrlkJYH8dJzEwYp647w==

GET
H2 200 Smokescreen-Lateral-Movement-Techniques.webp
www.smokescreen.io/static/3a23f1153945ebf7a796782daa2fd7ce/4e6d4/ 46 KB
47 KB 1077ms
1076ms Image
image/webp 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.smokescreen.io/static/3a23f1153945ebf7a796782daa2fd7ce/4e6d4/Smokescreen-Lateral-Movement-Techniques.webp

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

22a3c724777199406561d9f68f253e078b4ae553712b2ff85cb86cc3d432d0fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /static/3a23f1153945ebf7a796782daa2fd7ce/4e6d4/Smokescreen-Lateral-Movement-Techniques.webp
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 47450
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:53 GMT
server: AmazonS3
x-frame-options: DENY
etag: "b8fd8ad02ddfbd15b8061760ccae47ef"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/webp
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: oykFCQOH8M1hLxDLj8SDl70_EKJeXYVv1NpWuO1qM24IP4dmoyJFJQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 3998
date: Sun, 13 Jun 2021 12:24:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sun, 13 Jun 2021 14:24:40 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 155 KB
55 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WWFM597

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e59bb64bc3947e4a48dc5983143fe2940c80fd889d3ae8956dba49c60e9e17fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:18 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56449
x-xss-protection: 0
last-modified: Sun, 13 Jun 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Jun 2021 13:31:18 GMT

GET
DATA 200
OK truncated
/ 538 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 601291f305461286aacfbcabafb236c415748ad5f5f8264def5998ae9e7f28ba

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 889 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f977afd17a6cedb1886bc57b474a36d8241c75f01258e8b7421292c00442888f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 520 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b02aade81ccac7f4ab65b5d4aa5643185266570f7fcfaa31c86738772850ce4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 299 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f840fce4a4a5d4318ca350faeb50f370ead933f99f2cdb68e0af2ffcdb78a0de

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 roboto-latin-400-479970ffb74f2117317f9d24d9e317fe.woff2
www.smokescreen.io/static/ 15 KB
16 KB 526ms
526ms Font
font/woff2 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/static/roboto-latin-400-479970ffb74f2117317f9d24d9e317fe.woff2

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /static/roboto-latin-400-479970ffb74f2117317f9d24d9e317fe.woff2
pragma: no-cache
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 15736
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:36:10 GMT
server: AmazonS3
x-frame-options: DENY
etag: "479970ffb74f2117317f9d24d9e317fe"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: D9EjH7m-PFgeblpzxhSlL_omLkMrwLdAveKpkhSwA-cSULbG0QMzhQ==

GET
H2 200 montserrat-latin-600-6fb1b5623e528e27c18658fecf5ee0ee.woff2
www.smokescreen.io/static/ 19 KB
19 KB 844ms
843ms Font
font/woff2 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/static/montserrat-latin-600-6fb1b5623e528e27c18658fecf5ee0ee.woff2

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /static/montserrat-latin-600-6fb1b5623e528e27c18658fecf5ee0ee.woff2
pragma: no-cache
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 19264
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:36:10 GMT
server: AmazonS3
x-frame-options: DENY
etag: "6fb1b5623e528e27c18658fecf5ee0ee"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: bdgS8BUX4eVJtRZDLtliG0WBClLY9kCobNiIRmHYuTTJ_97zJ4vQ8Q==

GET
H2 200 montserrat-latin-700-39d93cf678c740f9f6b2b1cfde34bee3.woff2
www.smokescreen.io/static/ 19 KB
20 KB 1168ms
1168ms Font
font/woff2 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/static/montserrat-latin-700-39d93cf678c740f9f6b2b1cfde34bee3.woff2

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /static/montserrat-latin-700-39d93cf678c740f9f6b2b1cfde34bee3.woff2
pragma: no-cache
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 19480
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:36:10 GMT
server: AmazonS3
x-frame-options: DENY
etag: "39d93cf678c740f9f6b2b1cfde34bee3"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: tpAwc5egF55W6_bjzCjhan3gK31JspfDt_GiSldnE3iZ_9Fh-UVSyg==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0e49e65134724397e676577b7bb86785db1d733f6b31a5d637f3919d0826491

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 hubspot-loader.js Show response
www.smokescreen.io/ 989 B
2 KB 458ms
458ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/hubspot-loader.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

98a2beec808e2eed3b9fe443e5f0937b851df4e4f312bb8b4af5da3265a7c50d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /hubspot-loader.js
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 989
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "8ac07c70e84b6e4ecbda6a4849e418b4"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: O8oBfthV3dMt8TEoR_KtazICsfLhQOnsD_3erzHnSOoxaY_me5GUMA==

GET
H2 200 lftracker_v1_lAxoEaKWZRwaOYGd.js Show response
sc.lfeeder.com/ 18 KB
7 KB 95ms
43ms Script
application/javascript 2600:9000:211a:3a00:1f:f723:6fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_lAxoEaKWZRwaOYGd.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WWFM597
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:3a00:1f:f723:6fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5fb628ecdfdb437026f7b87adce8a814fab315a783b1b6a08036437d30b5bcb3

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: LipPXVqsqzjHUOFvbr1SUE8bPfa4FNVO
content-encoding: gzip
last-modified: Fri, 14 May 2021 13:27:34 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
etag: W/"0111b008992901bbf25714ce7efceb0a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2a5303ed411734ba7adcd9ff65d96392.cloudfront.net (CloudFront)
cache-control: max-age=3600
date: Sun, 13 Jun 2021 13:31:18 GMT
x-amz-cf-id: x_yGoMOkCDHlzxY-fMV36aYTZaC4osyif5tZmoEAgNVmEXEeRiMmsQ==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 20ms
6ms Script
application/x-javascript 2a02:26f0:6c00:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WWFM597
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 13:31:18 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=18681
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 7870773.js Show response
js.hs-scripts.com/ 2 KB
1 KB 174ms
144ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/7870773.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WWFM597
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cd4697287646641fa39f413a3d195147fe6fd7d47614c53235d1985f13a3826

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:18 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 20b06cea-a8e5-4dfb-99d4-0de6f4a7785d
cf-request-id: 0aa72ae3970000dfe71807b000000001
server: cloudflare
x-trace: 2BC55E4212780D6E74AF70A38E37C62FF610337AB0000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.smokescreen.io
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 65ebadb28db5dfe7-FRA
expires: Sun, 13 Jun 2021 13:32:18 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 94 KB
24 KB 9ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

412979f99062018cc1b3ba7cc84a0c6d03f86f1c1f07f1ee90fa0402ba2d93ed

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24515
x-xss-protection: 0
pragma: public
x-fb-debug: PKAfXrtFqwsRafwMsmCzEebrK3Mf51q/39sUjLpsQ79+rQi5XBX7MnZzgAYtGf+UK8TM2ZnKWBl7JZoJpobH1A==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 13 Jun 2021 13:31:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 3zh58cui72 Show response
www.clarity.ms/tag/ 897 B
1 KB 149ms
101ms Script
application/x-javascript 2620:1ec:29::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/3zh58cui72
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29::67 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 8056f76f1d919208533da2c70d658a3cc87cbe354fcc3f8b8409a74f2dfad377

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:18 GMT
x-powered-by: ASP.NET
x-azure-ref: 0pgjGYAAAAADS/t1QozcDSL6tBWxTHrQbTE9OMjFFREdFMDIwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
content-length: 897
expires: -1

GET
H2 200 / Show response
e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com/ 482 B
614 B 275ms
191ms Script
application/json 151.101.193.131
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com/
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WWFM597
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.131 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 98c3fd47f8fd48008fe107ed1f093de3776a6e1156ff4cad66d50c6874271e48

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-encoding: br
x-backend-region: eu_west_1
age: 0
etag: 4368748a234f7c0bedc19b6e89678fdf-v0.179.0
vary: Accept-Encoding, Referer
x-cache: Miss from cloudfront, MISS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0, must-revalidate
x-amz-cf-pop: ARN1-C1
accept-ranges: none
x-amz-apigw-id: A3ZKHH4YDoEFa3A=

GET
H3-29 200 1439372699584791 Show response
connect.facebook.net/signals/config/ 260 KB
74 KB 101ms
101ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1439372699584791?v=2.9.41&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

83af6070a437af3235af78136c319545b50c907083eaa004f101f0155ab2dabd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: 0CH5oK8XhIMdASW3vt80veK1GVN0e+eoky0o3o0EthlBKwWlXD8gA8mquXCuBfrMBnOUaNyHeaDmcSdxpkhoSA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 13 Jun 2021 13:31:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D331443%26time%3D1623591078800%26url%3Dhttps%253A%252F%252Fwww.smokescreen.io%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&liSync=true&e_ipv6=AQ...

0
157 B

392ms
140ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&liSync=true&e_ipv6=AQL5RS0DvL-zKQAAAXoFkc2kQaMZt132Rs-lSwQWH_sWFEjDMciE0J5Zloub8OO1k36BKI6q
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: aV++HXwniBbQrAUxFCsAAA==

Redirect headers

date: Sun, 13 Jun 2021 13:31:19 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=331443&time=1623591078800&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&liSync=true&e_ipv6=AQL5RS0DvL-zKQAAAXoFkc2kQaMZt132Rs-lSwQWH_sWFEjDMciE0J5Zloub8OO1k36BKI6q
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: hdckBnwniBYgBCFuYysAAA==

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1439372699584791&ev=PageView&dl=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&rl=&if=false&ts=1623591078930&sw=1600&sh=1200&v=2.9.41&r=stable&ec=0&o=30&fbp=fb.1.1623591078928.329759053&it=1623591078798&coo=false&rqm=GET

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sun, 13 Jun 2021 13:31:18 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/vmss-eus/s/0.6.14/ 46 KB
20 KB 100ms
99ms Script
application/javascript 2620:1ec:29::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/vmss-eus/s/0.6.14/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/3zh58cui72
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29::67 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 5de9219efb11d6fcd505ebc32093c0853aec6131a12703d2027b4da8d28fa82d

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:18 GMT
content-encoding: br
etag: "1d75d80791f9375"
last-modified: Wed, 09 Jun 2021 22:40:40 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: public,max-age=86400
x-azure-ref: 0pgjGYAAAAAA+t/VAdo5VT7sU7JwQB4QXTE9OMjFFREdFMDIwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
content-length: 20128
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=88B24A21B3D143F9B5F3D4056FC895CD&RedC=c.clarity.ms&MXFR=0A8609D8E2A067B4100F198DE6A0699C
https://c.clarity.ms/c.gif?CtsSyncId=88B24A21B3D143F9B5F3D4056FC895CD&MUID=2AD6AFBB2132676C14ADBFEE20596677

42 B
357 B

68ms
68ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=88B24A21B3D143F9B5F3D4056FC895CD&MUID=2AD6AFBB2132676C14ADBFEE20596677
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:18 GMT
last-modified: Tue, 23 Feb 2021 19:11:50 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "506f5bd17ad71:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:18 GMT
x-msedge-ref: Ref A: F59499FFAC3342DD895A3DE4AD9E4D66 Ref B: FRAEDGE1421 Ref C: 2021-06-13T13:31:19Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=88B24A21B3D143F9B5F3D4056FC895CD&MUID=2AD6AFBB2132676C14ADBFEE20596677
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 81 KB
20 KB 42ms
24ms Script
application/javascript 2606:4700::6811:ebcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7870773.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:ebcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5cd92ecc87b6f2ed90dd548ba471c8f99507c8118633e3bdbcb5982429c70cc7

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:18 GMT
via: 1.1 ffa4b37ccdc94a8c62bf6b6414725210.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 538
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.8903/bundles/project.js&cfRay=65eba08baa5a4a5c-EWR
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0aa72ae43b00002bb96b068000000001
last-modified: Wed, 02 Jun 2021 03:45:52 UTC
server: cloudflare
etag: W/"8b232ba8752127aefe4a51935b608ee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Ts6q1w2ggAjJnDkBbAYAbN.1NTlh0g.7
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 65ebadb3997d2bb9-FRA
x-amz-cf-id: 9Hu8jqm1VY_iWoMW3rWxBqkilrkgy77iqVYeNSUm5HOpTTyZi8qhDw==
x-hs-target-asset: conversations-embed/static-1.8903/bundles/project.js

GET
H2 200 7870773.js Show response
js.hs-analytics.net/analytics/1623591000000/ 62 KB
19 KB 227ms
195ms Script
text/javascript 2606:4700::6811:46b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1623591000000/7870773.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7870773.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9a7745d18a64d87c71ce664ff1b2c78a5ea4f0167bb41733632236b42f89b60

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 5Y5TW87W8ZPHBQPM
x-amz-server-side-encryption: AES256
cf-ray: 65ebadb3ca10c27c-FRA
x-amz-id-2: lAbFHnj1yRod0JQ2ncbHMB4n7Ux1rNByEwtWBLGfsYqtuwSTX8p4pc8kXwnEgE1YJQJknhP2GeI=
last-modified: Wed, 12 May 2021 21:10:29 GMT
server: cloudflare
etag: W/"df22275659cbed0d34cf560e799a948e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-request-id: 0aa72ae45d0000c27cacab4000000001
content-type: text/javascript
expires: Sun, 13 Jun 2021 13:36:19 GMT

GET
H2 200 7870773.js Show response
js.hs-banner.com/ 61 KB
15 KB 540ms
522ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/7870773.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7870773.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 279cf940857645f33bf142ed36fd74e718ab226d836eb57f656d3b2c7c0d017c

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: S1FTD8DDM5C5PSN5
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: ysHHtCgkotBzHiTgwsJ4Ae3xFP69qHyK0OdVxYvOfIYfiXKoSaNiXz81/7rzYGfqUki5ptd21rU=
timing-allow-origin: *
last-modified: Thu, 27 May 2021 18:41:01 GMT
server: cloudflare
etag: W/"9e5c91e457c015df092f64dbb11738ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: kKB1KRQLYnVRfLS6M04zhQMPxqDj8iwF
access-control-allow-origin: https://www.smokescreen.io
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-request-id: 0aa72ae43c00004e9d3831d000000001
cf-ray: 65ebadb398e94e9d-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Sun, 13 Jun 2021 13:36:19 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 81 KB
24 KB 66ms
48ms Script
application/javascript 2606:4700::6811:82ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7870773.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:82ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94b63fd36f5c48af5e612b6719d6b77f1e4f4087dd69ffa426c2f966b775a82b

Request headers

Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
via: 1.1 20579d8c7e6a7d159f211e9ee1d4003c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 69853
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.240/bundles/project.js&cfRay=65e5044c1eef16ea-EWR
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0aa72ae43c00004a689caf3000000001
cf-ray: 65ebadb39afb4a68-FRA
last-modified: Thu, 27 May 2021 01:34:00 UTC
server: cloudflare
etag: W/"dfcae8e7cf0147090ea4a46ff8c7701b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: x.VJFnzOmOi1EqMYga2YUL0gSamB_uYQ
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 8Qgn-0JykC8pTXZgIXI-I0w7AcdEEfPH3Xqn5idNxKnT4tNa5oZQ6g==
x-hs-target-asset: collected-forms-embed-js/static-1.240/bundles/project.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 46ms
28ms Script
application/javascript 2606:4700::6811:73b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7870773.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:73b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 213e9304ead3746d69afe52d7b03c39c382fc09655aa158a0b9a21ed0ae46c88

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:18 GMT
via: 1.1 1fa3f854976309f3d11907ad7125291a.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 323
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.237/bundles/pixels-release.js&cfRay=65eba5cacda5c2db-FRA
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0aa72ae43d00004e5c109f9000000001
last-modified: Fri, 11 Jun 2021 03:31:03 UTC
server: cloudflare
etag: W/"e2eafe9d29a173dd441eadbd8fa2ca8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 5cDmgkn88OuDP0ZbapHceZbLZ9_ycmrX
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 65ebadb39fe34e5c-FRA
x-amz-cf-id: hcj9OE71iL9fox2_X1sd1QJWpsSepkQEE_18KzhRMpILXA182Qx5WA==
x-hs-target-asset: adsscriptloaderstatic/static-1.237/bundles/pixels-release.js

GET
H2 200 bundle.js Show response
assets.ubembed.com/universalscript/releases/v0.179.0/ 162 KB
46 KB 198ms
72ms Script
application/javascript 99.86.241.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ubembed.com/universalscript/releases/v0.179.0/bundle.js
Requested by: Host: e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com
URL: https://e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.241.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-241-65.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aef23deda339b41ec1128bd29fb926bd6b5317b06583cfe713da67ae9db605ba

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 04 Feb 2021 03:34:38 GMT
content-encoding: gzip
last-modified: Wed, 16 Dec 2020 18:50:36 GMT
server: AmazonS3
age: 11181402
etag: W/"5989757bd8ad29a05f48a0b643993aae"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 fd2756277dcf50743fb09f4526b54aca.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: K0el9oKX0LHNx7FrY_W9-iwg2xVmgnOWVN0seAEJSOe9esVSd3W7zg==

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
540 B 138ms
115ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-error-caught&count=1

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: d0c4ef1c-8015-41ed-9362-71e8bbe80591
x-trace: 2B8DFE459A3562DFCD8001115AA37414D56B4CDA9A000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 65ebadb46d494ec7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 35
cf-request-id: 0aa72ae4c500004ec7d9045000000001

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 168ms
146ms Preflight
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=7870773&conversations-embed=static-1.8903&mobile=false&messagesUtk=b508323944e14ed3b682ab7c1cd65d6b&traceId=b508323944e14ed3b682ab7c1cd65d6b

Protocol

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-hubspot-messages-uri
Origin: https://www.smokescreen.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-type: text/plain; charset=utf-8
content-length: 18
cf-ray: 65ebadb55bf91f19-FRA
access-control-allow-origin: https://www.smokescreen.io
allow: HEAD,GET,OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-request-id: 0aa72ae55500001f19a8b71000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hubspot-correlation-id: 1fcc25de-2623-497a-ae5f-7a3287c26ad4
x-trace: 2B8BA8BFE1091745FF4DF86D3BB1A716A93A088444000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ca%2FWNh7fwBbA0NAQZRQ0LQGwAmzuFq7FGW%2Byf1QAUncnYYAH7BtSJfrzmp681wgc6QgVEe1jBr7rxCYG8Epbfpp9jLo8smg0LPxkWZh4zABOfuQUn0OfCK9u4Tug05bfIKmvCLdX%2Ffc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 282ms
256ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5348c7fa45c3bf3a8e4465ac652e291e17cda4dfedfc5ef7a0bdc315d942855b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

X-HubSpot-Messages-Uri: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.smokescreen.io/

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d138dba6-f748-4f14-8778-886a588b693c
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1399
cf-request-id: 0aa72ae6060000dfbb668f8000000001
server: cloudflare
x-trace: 2B18CC915AA8D13F0A41FC98195828393EE96374F5000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=37uIW0Tt4jlJ9IzEMyUFDJQb%2Bzwkyek89QWzOqMYvScDtuOBmtMKTgI%2FOrI7RBe1D1F1mwpqqMIDdGRXxS6%2BOcdYgAa37dN5X1WWrD0mGcehmXd9GNQieRqR4ElqbKJI69tkM2%2BAe4U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.smokescreen.io
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 65ebadb66feadfbb-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK track.js Show response
serve.albacross.com/ 10 KB
5 KB 190ms
62ms Script
application/javascript 13.225.74.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://serve.albacross.com/track.js
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.74.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-74-129.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38fbe56978cc73ba5a5f8c85b360f71aca125c2cd850a3cd6c3683385e388702

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 13:30:07 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 13:13:21 GMT
Server: AmazonS3
Age: 72
ETag: W/"b769e9b4f23be6c9bab7c715fdf2526a"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 784dd167d622737126ee2d76985e7d3c.cloudfront.net (CloudFront)
Cache-Control: max-age=120
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: TWc1T8Pn_DEqz1XuTLYZ3R2Y38iH3CwWdbEN8dsj8mExJPEoczJpzQ==

GET
H2 200 35-9df5cd936ffd6a686f9b.js Show response
www.smokescreen.io/ 79 KB
23 KB 278ms
278ms Script
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/webpack-runtime-f2bc20379992ceedefd8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1ee459a55ac8e52a06584dd3110d0194e6fe481723dae7fe89e7a18d2d35a1f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /35-9df5cd936ffd6a686f9b.js
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"cd5bacdf896f6420652e7491a505bdc5"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: bnj5DayIRev46M5YjaZ8akpE_VxY_zaNxvcM8rLIslRDFRxdsxghjQ==

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1439372699584791&ev=Microdata&dl=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&rl=&if=false&ts=1623591079453&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Top%20Lateral%20Movement%20Techniques%20%E2%80%93%20The%20Red%20Team%20Edition%20%7C%20Smokescreen%22%2C%22meta%3Adescription%22%3A%2280%25%20of%20an%20attack%20is%20spent%20in%20lateral%20movement.%20Use%20this%20guide%20to%20understand%20the%20top%20techniques%20attackers%20use%20and%20how%20you%20can%20prevent%20them.%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Smokescreen%22%2C%22og%3Atitle%22%3A%22Top%20Lateral%20Movement%20Techniques%20%E2%80%93%20The%20Red%20Team%20Edition%22%2C%22og%3Adescription%22%3A%2280%25%20of%20an%20attack%20is%20spent%20in%20lateral%20movement.%20Use%20this%20guide%20to%20understand%20the%20top%20techniques%20attackers%20use%20and%20how%20you%20can%20prevent%20them.%22%2C%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F%22%2C%22article%3Apublished_time%22%3A%222020-08-17T10%3A01%3A31.000Z%22%2C%22article%3Amodified_time%22%3A%222021-04-20T08%3A24%3A42.000Z%22%2C%22og%3Aupdated_time%22%3A%222021-04-20T08%3A24%3A42.000Z%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.smokescreen.io%2Fassets%2Fuploads%2F2020%2F08%2FSmokescreen-Lateral-Movement-Techniques.png%22%2C%22twitter%3Aimage%22%3A%22https%3A%2F%2Fwww.smokescreen.io%2Fassets%2Fuploads%2F2020%2F08%2FSmokescreen-Lateral-Movement-Techniques.png%22%2C%22twitter%3Acard%22%3A%22summary_large_image%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.41&r=stable&ec=1&o=30&fbp=fb.1.1623591078928.329759053&it=1623591078798&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Sun, 13 Jun 2021 13:31:19 GMT

GET
H2 200 b508323944e14ed3b682ab7c1cd65d6b Show response
app.hubspot.com/conversations-visitor/7870773/threads/utk/ Frame 0C80 44 KB
16 KB 215ms
194ms Document
text/html 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/7870773/threads/utk/b508323944e14ed3b682ab7c1cd65d6b?uuid=ed15b2132d9b48ccb83f05054dd65825&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=smokescreen.io&inApp53=false&messagesUtk=b508323944e14ed3b682ab7c1cd65d6b&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef8f5f445e32edd983337a5f61a444d1e8713e548abe1534baf9dfec19612001

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: app.hubspot.com
:scheme: https
:path: /conversations-visitor/7870773/threads/utk/b508323944e14ed3b682ab7c1cd65d6b?uuid=ed15b2132d9b48ccb83f05054dd65825&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=smokescreen.io&inApp53=false&messagesUtk=b508323944e14ed3b682ab7c1cd65d6b&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.smokescreen.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.smokescreen.io/

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
content-type: text/html; charset=utf-8
cf-ray: 65ebadb82e95c2f4-FRA
age: 3042
cache-control: max-age=600
etag: W/"6b36664400809fe1168423e8cc129da4"
last-modified: Wed, 02 Jun 2021 03:45:52 UTC
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 38ecebcaa39c8742da2b6336935bb446.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
cf-request-id: 0aa72ae7230000c2f466b57000000001
content-security-policy-report-only: script-src 'unsafe-inline' 'self' www.hubspot.com js.hs-analytics.net js.hsforms.net js.hsleadflows.net *.hsappstatic.net js.hs-banner.com *.hs-scripts.com js.hubspotfeedback.com js.usemessages.com js.hubspot.com js.hsadspixel.net js.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net www.google-analytics.com static.hotjar.com script.hotjar.com www.googletagmanager.com www.fullstory.com *.convertexperiments.com cdn.pdst.fm d.impactradius-event.com cdn.getambassador.com mbsy.co pixel.cdnwidget.com snap.licdn.com connect.facebook.net js.stripe.com checkout.stripe.com survey.survicate.com surveys-static.survicate.com sdk.canva.com www.dropbox.com www.google.com www.gstatic.com apis.google.com maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net static.ads-twitter.com analytics.twitter.com play.vidyard.com app.vidyard.com fast.wistia.com s.yimg.jp www.redditstatic.com 'unsafe-eval'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-visitor-ui/static-1.11359/html/index.html&cfRay=65ebadb82e95c2f4&referrer=https%3A%2F%2Fwww.smokescreen.io%2F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
x-amz-cf-id: JXsXeZytyFt1hfb0jvsLJQ9GwLwo4r7QPXwVK0esr_a_jtCkBVGUTw==
x-amz-cf-pop: IAD89-C3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: EUfMNbLnGKtsWEAAFH09UHZ7A4On5M5z
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
server: cloudflare
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 573 KB
135 KB 66ms
46ms Script
application/javascript 2606:4700::6811:b749
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/component---src-templates-siege-craft-js-eaae03699af067d932ae.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

068605b7a74adeae97a35f115e5d2116b49e1b0746b0172d6795cf4c7f93ecc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:19 GMT
via: 1.1 224f09e9c236b40d399a8b2851ac0069.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 344
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72ae7d000004e1f70a82000000001
last-modified: Thu, 10 Jun 2021 01:55:02 UTC
server: cloudflare
etag: W/"be4017dc0d84057af0be82378d2bcd1a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=e2u3rfOEYmINS2zg%2BpaHakbj%2FWuopaUFuq3pFYvSEwzCLXB0GewlIKSLE9voMtDfKn9pykVvcrohF5eNQUfU3Njp3EMxeXWdbXklYRM%2FqApobpjdEB2AWEtXwHAZ%2FdZeaSd449AU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: _lWo_seegG84aAiYV148P6d_vJ1mA4fg
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 65ebadb94c934e1f-FRA
x-amz-cf-id: BD3dOJo7cwI6sT1wTT7gXDJG6bD16cIcAqykBRlPVi_DCQqLAVCAag==
x-hs-target-asset: FormsNext/static-5.319/bundles/project_with_deps.js

GET
H2 200 page-data.json
www.smokescreen.io/page-data/contact/ 0
748 B 467ms
467ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/contact/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/contact/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 139
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "ec5bfd4cd8770df9b6ff35ffb0b8529a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: dlsZOiaiuhTmaUb0GwgiT2tdz6He03STTH2AoG0SYY-MQ2jOIuA_CQ==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/pricing/ 0
748 B 194ms
194ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/pricing/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/pricing/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 139
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "5277e8f35d0e67173f6c392141ae38cc"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: Awozv36N-oVT-NEvhTDt-YhXFWnfntvAuepcX9KxLT_pUmpU_JB3gg==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/all-resources/ 0
46 KB 514ms
514ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/all-resources/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/all-resources/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"05a214919f6914feb6ac77a19b306ff7"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: MPgu0wLyZ3MaaLXft0JxXiF16mTF__fOL2giyaftN0QD_Zrsa3s09Q==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/about/ 0
18 KB 197ms
197ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/about/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/about/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"e16a24cd8fb656439a02bf4dd7a5693a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: Zwv8natSaUNJYlvh1GKvrrCXc3emUhAlwq4hpsS-nBZt1yUJUWTK6w==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/demo/ 0
742 B 462ms
462ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/demo/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/demo/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 133
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "21ac1ff2075d1c5e7fb47f54d18dd1da"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: j2RJjOwhvNgiaJJKZR31FqE5Mp3fv9pC-Jyxgwg6B02CFktlOWKUeA==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/library/ 0
9 KB 446ms
446ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/library/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/library/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"538d7695ed76ef938923ee2c69ff2704"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: 3TzRtU0fh1-AOEppyqtH3YzNlB9b43rwG5nTu1KFNEcjOqstPpNElw==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/index/ 0
3 KB 469ms
469ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/index/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/index/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"2856d14dbc325795aef4e825ae83bdb7"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: y0IQR_TnnNeslb9Dqm0z9VW6doem-CkujhcTP3-nRwsVbq_mOlFbfg==

GET
H2 200 page-data.json
www.smokescreen.io/page-data/blog/ 0
102 KB 481ms
480ms Other
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/blog/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17
:path: /page-data/blog/page-data.json
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"4ffc24f9b8527dfc33a49725883d31da"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: Ws2YedZUlXszhWoPYBqRRv0keLSZlG7VQZtCsoJBDYfnmquuc9VSKg==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 35ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1543993408&t=pageview&_s=1&dl=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&dp=%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&ul=en-us&de=UTF-8&dt=Top%20Lateral%20Movement%20Techniques%20%E2%80%93%20The%20Red%20Team%20Edition%20%7C%20Smokescreen&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAAC~&jid=402626304&gjid=19287056&cid=924104956.1623591079&tid=UA-63170995-1&_gid=1268170532.1623591079&_r=1&_slc=1&z=576887179

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.smokescreen.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-63170995-1&cid=924104956.1623591079&jid=402626304&gjid=19287056&_gid=1268170532.1623591079&_u=aEBAAEAAAAAAAC~&z=281371916

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 13 Jun 2021 13:31:19 GMT
content-type: text/plain
access-control-allow-origin: https://www.smokescreen.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.133/ Frame 0C80 44 KB
16 KB 46ms
25ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.133/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/7870773/threads/utk/b508323944e14ed3b682ab7c1cd65d6b?uuid=ed15b2132d9b48ccb83f05054dd65825&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=smokescreen.io&inApp53=false&messagesUtk=b508323944e14ed3b682ab7c1cd65d6b&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fcb720730ec6667a8eb5cc8922104bcd038a26f8ad3f2b97c39da1f8b1d248c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 e79fcd7f3f0a842841acfca75e35ea79.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1574195
x-amz-server-side-encryption: AES256
cf-ray: 65ebadba0f53d6b9-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72ae8480000d6b9fcaf5000000001
last-modified: Tue, 27 Apr 2021 20:06:49 GMT
server: cloudflare
etag: W/"130a0aa46b085d7193be5bff1b06839c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=agTk87ubcN1%2BhSEpXQE2s3xuVaBavL8paiAnSzIDOXa8ZhJTbOdZA%2BzsWjfke%2BrRGv7hfcdrpyr%2F6Mw%2BNQVzc3Jq7LQ5DLEldkcNoia6gzBcSqlGMJ5SMf7FQcgNDp622aFUazs%2Bxdc2B9dgpfG9"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: GjpMz4KgmP.84GcQIO6xeWpzcLZFXo8X
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: AMS1-C1
content-type: application/javascript
x-amz-cf-id: 0nfcUdMV8bVScdjaQp1C6_sopWmNwFtViK1pX_2yk-6O-ToSORBx4A==
expires: Mon, 13 Jun 2022 13:31:20 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.10899/sass/ Frame 0C80 20 KB
4 KB 333ms
17ms Stylesheet
text/css 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.10899/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 fc6dca2df1221c0bec817610bc20e505.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2305691
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72ae96f00004e610227b000000001
last-modified: Wed, 03 Mar 2021 21:09:00 GMT
server: cloudflare
etag: W/"370a89ea102d7b437eb549729472631f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=znWQWsiXq3Z3lAaKLo9kpPLxUesqeRDtD6uZw%2B2QTXKcJhhcHzg%2BVY%2BJgo55kk3B4ux3YfFmBEv64hE9%2F9zTykwfwMsZfiZt8ftw%2FajIag1EoqOA1qbCO6jSBLCSVEQxOcgcPY43ZNLbn6ASsPfk"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1rBCyHs_YjjDB1.HOpykpqteK2m6W_oL
cache-control: public, max-age=31536000
x-amz-cf-pop: MUC50-C1
cf-ray: 65ebadbbecb04e61-FRA
x-amz-cf-id: ty8MEdjgGU_CHYbNJ3VAGai79DmhaUdHc0j1TA7E5ppRiixT4jKtqg==
expires: Mon, 13 Jun 2022 13:31:20 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.129/ Frame 0C80 285 KB
84 KB 74ms
53ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.129/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85a94aca9a3bb11143fc25e69f7cddee5e42619798aea0a4595e5b85af2db47e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 843560942e8c8e57a33193254e0a9de6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2305832
x-amz-server-side-encryption: AES256
cf-ray: 65ebadba0f57d6b9-FRA
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72ae8490000d6b985963000000001
last-modified: Thu, 25 Feb 2021 03:06:13 GMT
server: cloudflare
etag: W/"4b0d6c4998d1c189b73bf24559a044d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5Z82dleu2%2BWUOkSl9W1sEDpxmTV8GVUpMc0e0sbl8nQq0ep7GrHNVnaED83GzDPk%2FoWej3VvbBa%2Fq0hj7SbHCUpRUfhy%2BIIUpfAydoXlQTU4dYAkiIGm7odth9%2BPFdeinY86S6QRetJXUXnBuCHL"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: tIgtiGaJ4EHx5PaVJ4NwnE5IaF3j9gQD
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: MUC50-C1
content-type: application/javascript
x-amz-cf-id: ZDyZ8RQWk-PL3Fd5LlNKJ5ZVEH0_vNHhazeGC5Tv3uf519KhPXZOhg==
expires: Mon, 13 Jun 2022 13:31:20 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11359/bundles/ Frame 0C80 468 KB
116 KB 46ms
26ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11359/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57de733c29e42747b81b82e4480ce229d6423a3f8d3839dabff81b81ba491088

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 d6bff47a79bb5fa9800d9ee4b2b92146.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 942322
x-amz-server-side-encryption: AES256
cf-ray: 65ebadba0f58d6b9-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72ae84b0000d6b984878000000001
last-modified: Wed, 02 Jun 2021 15:27:42 GMT
server: cloudflare
etag: W/"69854d4fcb6a35f4efafc6e8239971b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ab11X2m1LpOw%2BeWYdPQM6Afr0YpOeCz34Hos3FGnqjk3BWhiB13uZGd0vSioDA4jVgD26hQaEOVCsE2hP%2BtFAMQgPuGjUSPAb6O7LiwoOectRfimzgFkdduXrOqOzqm4LXzT9%2B%2FW%2BCOGGvMOesMC"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 0_Af617m.rwrW0o6sRwyQWM7qkQc2uIH
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: CDG3-C2
content-type: application/javascript
x-amz-cf-id: tJKTAajfjmin4RQizqUTsUXlbWW-AYF3w2Xbe2cW5EfBRDeTjAVSpw==
expires: Mon, 13 Jun 2022 13:31:20 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-63170995-1&cid=924104956.1623591079&jid=402626304&_u=aEBAAEAAAAAAAC~&z=1825655802

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 30ms
29ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-63170995-1&cid=924104956.1623591079&jid=402626304&_u=aEBAAEAAAAAAAC~&z=1825655802

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 34154bea-73c8-4faa-9db6-d5d415ed8e38 Show response
forms.hsforms.com/embed/v3/form/7870773/ 3 KB
2 KB 171ms
160ms Script
application/javascript 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/7870773/34154bea-73c8-4faa-9db6-d5d415ed8e38?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb005bd480e05c481960064366fa87bfbb0c01fab837af169ec53a4c593407da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 16b98d69-2d6d-4a16-8d9d-e98bd95c3975
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72ae88900004ee5b085c000000001
server: cloudflare
x-trace: 2B5BA4CF6AB0B2DA3A5488B1643AD844AB1738F36E000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 65ebadba6ee24ee5-FRA

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/pricing/ 139 B
747 B 453ms
453ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/pricing/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d2fd7ffb4fa968fff4c2c718f390b17e35b64f251c8193c415e686c2d070df93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/pricing/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 139
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "5277e8f35d0e67173f6c392141ae38cc"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: 7hDA1l8rrsC4wwZ_nMMz2AM62d8GAw35ngPltoSSb322m9uHC3j_2g==

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/about/ 32 KB
18 KB 175ms
174ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/about/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

05c069f3394113bf2b3c2de97f813bd4969a67f044009f5fbab9cc0b360d7582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/about/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"e16a24cd8fb656439a02bf4dd7a5693a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: Lsk2SGA7FqzFaTOb_eo_mZ02PQxg42uqCRcM04DFuXZuFoZuCJXF0w==

GET
H3-29 200 enterprise.js Show response
www.google.com/recaptcha/ 1008 B
634 B 25ms
23ms Script
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4cfb3bbc7d2dd26c818ddd0cd753135a4eeece81c2751228ecde155f729ac2f9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 613
x-xss-protection: 1; mode=block
expires: Sun, 13 Jun 2021 13:31:20 GMT

GET
H2 200 montserrat-latin-400-bc3aa95dca08f5fee5291e34959c27bc.woff2
www.smokescreen.io/static/ 19 KB
19 KB 459ms
459ms Font
font/woff2 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/static/montserrat-latin-400-bc3aa95dca08f5fee5291e34959c27bc.woff2

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.smokescreen.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
:path: /static/montserrat-latin-400-bc3aa95dca08f5fee5291e34959c27bc.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 19172
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:36:10 GMT
server: AmazonS3
x-frame-options: DENY
etag: "bc3aa95dca08f5fee5291e34959c27bc"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: font/woff2
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: WCf9mwlUbaqUOxc77SxNO95tS1_geh2WDU3hF2u3oQCi3i0gDEVlYA==

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ 343 KB
134 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457a24764c4e5efb7b6de9b07cd544165b996f07310f9626d3571a02bd250d51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.smokescreen.io
Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 09:55:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136998
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 22:05:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 09:55:35 GMT

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame C26B 41 KB
21 KB 23ms
23ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc21va2VzY3JlZW4uaW86NDQz&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&badge=inline&cb=gwjv92vdd4oc

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fab326b8ea83ef204eb346c3af1238f552f6242707cdf6145086919d15ce4925

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oZSiHSQPTDxnZAN9y4Gbag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc21va2VzY3JlZW4uaW86NDQz&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&badge=inline&cb=gwjv92vdd4oc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.smokescreen.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.smokescreen.io/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Jun 2021 13:31:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-oZSiHSQPTDxnZAN9y4Gbag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21358
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
225 B 521ms
520ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=7870773

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: d29a4b17-34ee-457e-aa79-17a0a609e17c
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 35
cf-request-id: 0aa72ae99500004ec7ec05a000000001
server: cloudflare
x-trace: 2B69CEC1291A0E29DADEB761CF463910FD741912E5000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 65ebadbc2b7a4ec7-FRA

GET
H3-29 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11275/ Frame 0C80 778 B
1 KB 43ms
28ms Script
application/javascript 2606:4700::6811:7d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11275/i18n-data-data-locales-en-us.js

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11359/bundles/visitor.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:7d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7835a7a3ced0b25b9bcc0caeaa041862878116020eb37faa0a031ad0fe60a0ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
via: 1.1 c0e5f870deac34f99f746174f65a2881.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2313202
x-amz-server-side-encryption: AES256
cf-ray: 65ebadbcaa672bd6-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72ae9ed00002bd6b30e3000000001
last-modified: Mon, 17 May 2021 17:53:53 GMT
server: cloudflare
etag: W/"7757563c789b44ff168a7f2e64287bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FArsjMTdPFjcc8P9XwU1qRXAA8JutufbfkcgTZHQ7X6NTaDJDy7Zn4ckh3fzmw0Ra%2BrexCBId4Vopk956WWK9Xy%2BfIPNpRe0LFOI1SkzG7ajbCRusopof2QsaTN6YOoMrVdsXBG36%2FkRzxL6Bd2X"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: qFkBSHgfkOM6USmB.ekQIacOkSUyMJL5
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: CDG50-C2
content-type: application/javascript
x-amz-cf-id: sLwMEYoFVoPYlCabHHtaP_S1_RhmAseC_5aSjKGniXb3ZiVrEDO-XA==
expires: Mon, 13 Jun 2022 13:31:20 GMT

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/demo/ 133 B
741 B 465ms
465ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/demo/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b762b88c5eb49bb0fb4735595032ee1900b76cf4af25b19060f57de8b9a8f854

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/demo/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 133
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "21ac1ff2075d1c5e7fb47f54d18dd1da"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: _W4x5XfSKfrnt1GimkHCF1CgsO8iurD8-qT_hWR_YWArz26OF0aCow==

GET
H2 200 component---src-pages-about-js-de96742ebe2515eed817.js
www.smokescreen.io/ 0
18 KB 482ms
482ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-about-js-de96742ebe2515eed817.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
:path: /component---src-pages-about-js-de96742ebe2515eed817.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"0e26124a585044f6226a1630cdf3662f"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: YeJz7MOHoTd4W2Phb41s-4p0d59PqyVJQbSbW26HVUwOtW6FDeKqxg==

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/contact/ 139 B
748 B 453ms
453ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/contact/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

73cdf71dcf6418b9da96c5d7e9be48f7700b1b8d4cd4f224139ac93c77be7af2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/contact/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 139
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: "ec5bfd4cd8770df9b6ff35ffb0b8529a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
accept-ranges: bytes
x-amz-cf-id: VRWBDrCUvEicYmLdN2-z6_-cQ-Fc8_1sUsL2ZxzIreS1OxrEaQe_EQ==

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/index/ 4 KB
3 KB 446ms
446ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/index/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a68940d3f53b14d137117644accafe2e097ab09529178c27055b5eb836c4368d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/index/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"2856d14dbc325795aef4e825ae83bdb7"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: B57BHzbhTEw7e60ye1ExaFd4qQJf9pajpGpS4thNBSgmXJsxMh6EmQ==

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/library/ 18 KB
9 KB 573ms
573ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/library/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8bfaf6609d0d7144c486f12ab8a2485b40939dfcc0eb01b567399666568d1ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/library/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"538d7695ed76ef938923ee2c69ff2704"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: 2n_uFh3sle0xdDCQiNCrhsHMA75TqyblUYoT53BngkIUTOsFg-o4Ww==

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ Frame C26B 52 KB
25 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc21va2VzY3JlZW4uaW86NDQz&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&badge=inline&cb=gwjv92vdd4oc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 07:35:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 22:05:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 07:35:58 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ Frame C26B 343 KB
134 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457a24764c4e5efb7b6de9b07cd544165b996f07310f9626d3571a02bd250d51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 09:55:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136998
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 22:05:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 09:55:35 GMT

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame C26B 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 05:57:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 113659
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Sat, 19 Jun 2021 05:57:01 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C26B 15 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 04:48:34 GMT
x-content-type-options: nosniff
age: 117766
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 04:48:34 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C26B 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 10:55:14 GMT
x-content-type-options: nosniff
age: 95766
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 10:55:14 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/enterprise/ Frame C26B 102 B
132 B 16ms
15ms Other
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e8f05752862160fa1888c91060a324c84870cd4bca2acee125713d11147fde5d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc21va2VzY3JlZW4uaW86NDQz&hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&size=invisible&badge=inline&cb=gwjv92vdd4oc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Sun, 13 Jun 2021 13:31:20 GMT

POST
H3-29 204 rhumb
api.hubspot.com/cartographer/v1/ Frame 0C80 0
1 KB 169ms
158ms Ping
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.11359

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11359/bundles/visitor.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 13 Jun 2021 13:31:20 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 82fb141a-d0a3-4b9f-9cd9-df108d7bb9ce
access-control-max-age: 604800
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72aea9400001762cf315000000001
timing-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Iv0f8TYjELWi3zbyRPTsj%2FdAcVlWFzrcS1Y%2B6ueyHY2Ojaa4roRbPQIPSKQg7ODUX56VJqJMq191Si4Ji3XKDVxle028%2BMt6KMTGx6wS%2Bc0aZSHjFCPKKSQ8ZkTWmVSHJGi3AgJNlew%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 65ebadbdbd521762-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer

GET
H2 200 component---src-pages-pricing-js-8a7e22dcc7e8b537b0c9.js
www.smokescreen.io/ 0
94 KB 242ms
241ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-pricing-js-8a7e22dcc7e8b537b0c9.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1
:path: /component---src-pages-pricing-js-8a7e22dcc7e8b537b0c9.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"96dc8086d73abfaafd0e92d5325fe06a"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: 5geKOROaUXvnLt0jwu2jS4C-Q7-tN96zg24iIAG7kNZSvyo4i4t4EQ==

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/enterprise/ Frame 80C7 7 KB
1 KB 17ms
16ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

217a07fddedc1d431f0909f6757bfef7b36d9386fe473a8d772689d50bdee5df

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ldGa0gX0TtsP94RCjgXJcA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.smokescreen.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.smokescreen.io/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Jun 2021 13:31:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-ldGa0gX0TtsP94RCjgXJcA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1115
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/all-resources/ 166 KB
46 KB 520ms
520ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/all-resources/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

23dc3f4e465c5562e9178eb368fa7e555f205c8a92a403d15a0b784716a49a41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/all-resources/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"05a214919f6914feb6ac77a19b306ff7"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: Eu6MpOLLiCMQyBG3I4eMJmGwKNX_N_Ii7YTSUl8rN1mmE15s996pEQ==

GET
H2 200 page-data.json Show response
www.smokescreen.io/page-data/blog/ 341 KB
102 KB 438ms
438ms XHR
application/json 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/page-data/blog/page-data.json

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

194dbe13a0d009d6235556804249eb2ef3bb642d91ce4ddc080d4d4b8b3ee570

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /page-data/blog/page-data.json
pragma: no-cache
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:52 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"4ffc24f9b8527dfc33a49725883d31da"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=0, must-revalidate
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: PwYPuhs9HmfhSaR8jLvDDLD2PrlZfNbQJeOYA9h7fSw0-P7kNKzXeQ==

GET
H2 200 component---src-pages-index-js-e74e9660ffa2cfaf2008.js
www.smokescreen.io/ 0
65 KB 491ms
491ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-index-js-e74e9660ffa2cfaf2008.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b
:path: /component---src-pages-index-js-e74e9660ffa2cfaf2008.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"988f2713581b5c7e6163f39ca64f6698"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: J_oJ31Sn1yDSxxCwntY-AziWYyCIl6BN6dHq7O_tm5W7EfTFkLM0LQ==

GET
H2 200 component---src-pages-contact-js-77c42a209d426e2b650d.js
www.smokescreen.io/ 0
6 KB 517ms
517ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-contact-js-77c42a209d426e2b650d.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b
:path: /component---src-pages-contact-js-77c42a209d426e2b650d.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"25b38b3a4a10f7e2a1d70e600e2054ad"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: OaEzDedD-bJH7BAoKo4boiIOh6bH9V9vD7TNSdl2KHMU3DGe00OeyQ==

GET
H2 200 component---src-pages-demo-js-25a6ea738774cf0e8fd2.js
www.smokescreen.io/ 0
6 KB 439ms
439ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-demo-js-25a6ea738774cf0e8fd2.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b
:path: /component---src-pages-demo-js-25a6ea738774cf0e8fd2.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"61da94141dd6f79fae3f0d28111b0f10"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: m5Szmt8ED8R-uZV0WNgzw71a1EigscwOSo7wJc_XweDpyFcXQBJhNQ==

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ Frame 80C7 52 KB
25 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 07:35:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 22:05:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 07:35:58 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/ Frame 80C7 343 KB
134 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457a24764c4e5efb7b6de9b07cd544165b996f07310f9626d3571a02bd250d51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 09:55:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12945
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136998
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 22:05:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 Jun 2022 09:55:35 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
549 B 39ms
37ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=7870773&rcu=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&pu=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&t=Top+Lateral+Movement+Techniques+%E2%80%93+The+Red+Team+Edition+%7C+Smokescreen&cts=1623591080963&vi=aefe0c4c2ae79f1227d7e5c436649b60&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 32202e35-262a-4f52-9c43-929f6154f446
cf-ray: 65ebadc01ee4c2f4-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
cf-request-id: 0aa72aec130000c2f48b8aa000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=nHS86mIW0f%2FUh%2FJt9%2BGT4Rn4SiM37itGdfTgdtQNjhpLx3xG0hhB75TXM%2B7XtueLG0gp%2Bu5m72lZXDxGxRx%2FGpacn15w9Hp%2F%2BrRkWC02til5%2Fnces6YLukh1CBhxihw%2F6ejoOppmI2L2Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
425 B 74ms
72ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=34154bea-73c8-4faa-9db6-d5d415ed8e38&fci=3ebf56bb-05e6-41be-8679-3c208e036e96&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=7870773&rcu=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&pu=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&t=Top+Lateral+Movement+Techniques+%E2%80%93+The+Red+Team+Edition+%7C+Smokescreen&cts=1623591080966&vi=aefe0c4c2ae79f1227d7e5c436649b60&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 2eda5ea9-506a-488d-b689-e9e7e31403e5
cf-ray: 65ebadc01ee9c2f4-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
cf-request-id: 0aa72aec130000c2f4ac202000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KFEGTdiD9%2FaKUTWUP3UE9KQHRASGpx2L0wG4cDEgCooFBMk7XFIyVaHKOTk5L1af3m5EuMSj3w%2FG3AetaWFBR2TdWljQjuv6z2jpUTuPADZn3Eq0ptYlPwQyYLsI5gup42Wa44SQnUKaGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
386 B 73ms
72ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=34154bea-73c8-4faa-9db6-d5d415ed8e38&fci=3ebf56bb-05e6-41be-8679-3c208e036e96&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=7870773&rcu=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&pu=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&t=Top+Lateral+Movement+Techniques+%E2%80%93+The+Red+Team+Edition+%7C+Smokescreen&cts=1623591080970&vi=aefe0c4c2ae79f1227d7e5c436649b60&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: a8e40659-faf6-4e9f-98b6-a528d92b2c39
cf-ray: 65ebadc01ee3c2f4-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
cf-request-id: 0aa72aec120000c2f456090000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HmPK3KeE3tmIaj8%2FCoRwzeC6xE5mgbkl%2B%2F%2FfFTqis6MBxiuce4CgXCVljy8gqwgqhLPMOn8EdltgoqW6hj%2BxUlT%2BoVSt%2B2Cezj6dDFlxU0mW3pToI54XYu1euVixwIBAdtgq3yStuZTvRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 205 B
1002 B 157ms
142ms XHR
application/json 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=7870773

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a15d0bcb5e80a175fa932c730954aac958391723d9c03e3bc98edfaf2cbdfa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: ad540300-d2c1-4e63-aeaf-4212c28680cb
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0aa72aec1e00004a5b6e93a000000001
server: cloudflare
x-trace: 2BED65AB455557AD8CE17FCCE0FA45390ADEA0B7E2000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wrxe3oTyfvu1GIRENS3U7B%2FnfOpM1rRgdlGIQfDS1vyfft2jENw14pJvblY%2FUFO9i76VtQypnrQRk%2BYF2Oa9UgY2zVJLLR66wwx8z1QDOWGpQo6XRpCln4pbuUDxzJSoocGIKVzTIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.smokescreen.io
access-control-allow-credentials: false
cf-ray: 65ebadc0284a4a5b-FRA
access-control-allow-headers: *

POST
H/1.1 200
OK / Show response
gc.smokescreen.io/api/13/envelope/ 2 B
357 B 568ms
145ms Fetch
application/json 3.208.59.234
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://gc.smokescreen.io/api/13/envelope/?sentry_key=15093a5b9e034938a045a0af1fd40917&sentry_version=7

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.208.59.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-59-234.compute-1.amazonaws.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 13 Jun 2021 13:31:21 GMT
vary: Origin
Server: nginx/1.14.0 (Ubuntu)
Strict-Transport-Security: max-age=31536000
Content-Type: application/json
access-control-allow-origin: https://www.smokescreen.io
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
Connection: close
Content-Length: 2

POST
H3-29 200 reload Show response
www.google.com/recaptcha/enterprise/ Frame 80C7 35 KB
21 KB 57ms
56ms XHR
application/json 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

71d4d111ec68894e3ea089fdf28c8d2687bc9934076d1be423802068ab6652aa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21310
x-xss-protection: 1; mode=block
expires: Sun, 13 Jun 2021 13:31:21 GMT

GET
H2 200 component---src-pages-library-index-js-1f6c692b66f5a1e4bf59.js
www.smokescreen.io/ 0
5 KB 206ms
205ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-library-index-js-1f6c692b66f5a1e4bf59.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b; __hstc=132426193.aefe0c4c2ae79f1227d7e5c436649b60.1623591080961.1623591080961.1623591080961.1; hubspotutk=aefe0c4c2ae79f1227d7e5c436649b60; __hssrc=1; __hssc=132426193.1.1623591080961
:path: /component---src-pages-library-index-js-1f6c692b66f5a1e4bf59.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"a3537487d32a8fd90232cec26aeebe8d"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: DQK9sYcz2TSdM_vuZXf26xKVDln6OMwTXAPfM1YKjY9z6ExUdtjQNA==

GET
H3-29 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 80C7 600 B
622 B 7ms
6ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 08:41:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 103780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 600
x-xss-protection: 0
expires: Sat, 19 Jun 2021 08:41:41 GMT

GET
H3-29 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 80C7 530 B
552 B 7ms
6ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 10:38:28 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 96773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 530
x-xss-protection: 0
expires: Sat, 19 Jun 2021 10:38:28 GMT

GET
H3-29 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 80C7 665 B
687 B 7ms
7ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 16:23:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 76098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 665
x-xss-protection: 0
expires: Sat, 19 Jun 2021 16:23:03 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 80C7 15 KB
15 KB 18ms
16ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 07:03:43 GMT
x-content-type-options: nosniff
age: 109658
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 07:03:43 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 80C7 15 KB
15 KB 23ms
21ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 13:12:03 GMT
x-content-type-options: nosniff
age: 87558
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 13:12:03 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 80C7 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 14:39:55 GMT
x-content-type-options: nosniff
age: 82286
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 14:39:55 GMT

GET
H3-29 200 payload
www.google.com/recaptcha/enterprise/ Frame 80C7 26 KB
26 KB 16ms
16ms Image
image/jpeg 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/enterprise/payload?p=06AGdBq26PbOA3UXbjo68MA5QlwoZmbLzSCzzT763EIrKeMRofPX9t_QM7HH-Dw2YeWm8cg-obHX3UsB2GMwQNaxyfWdcz8WUJJGVB8mKH2M03LBaFJrqidfSvJmn-s-XxAhc5MCiQyfL-G5s2XT8LP6LdQF5U2z-ZdfW2dLNPBl57QZ3JCd3WZ_tpLXP1qVeowtjAfiiuuqS3OTrXB1LAVbLl7OpJyZhe6g&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

189cd353204dbca3e6a643c4b46332df5c4090a1c37454efc9c26fd2828a2acf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=6OAif-f8nYV0qSFmq-D6Qssr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&cb=xzesstbbsvb6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26318
x-xss-protection: 1; mode=block
expires: Sun, 13 Jun 2021 13:31:21 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 86 KB
34 KB 28ms
26ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-678640372

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3b89c13b151448b05a9f2f93a416dc0bd0b4e52aea1fd1dfc09c6bfcf13e0eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34756
x-xss-protection: 0
last-modified: Sun, 13 Jun 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 13 Jun 2021 13:31:21 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:6c00:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 13 Jun 2021 13:31:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=18678
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 205ms
72ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-678640372

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7ed6ea6b994f975e4ede747d96d2eb3f63ad55b3d5803615fdb115b487b461d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13984
x-xss-protection: 0
server: cafe
etag: 12421713846596914618
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 13 Jun 2021 13:31:21 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/678640372/ 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/678640372/?random=1623591081438&cv=9&fst=1623591081438&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&tiba=Top%20Lateral%20Movement%20Techniques%20%E2%80%93%20The%20Red%20Team%20Edition%20%7C%20Smokescreen&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea4cb39c5b1320c4aebd559015b06f987bcbfe9a5f1e4f16aa57a0652cc2f876

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1108
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/678640372/ 42 B
64 B 21ms
20ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/678640372/?random=1623591081438&cv=9&fst=1623589200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&tiba=Top%20Lateral%20Movement%20Techniques%20%E2%80%93%20The%20Red%20Team%20Edition%20%7C%20Smokescreen&async=1&fmt=3&is_vtc=1&random=215138127&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/678640372/ 42 B
64 B 28ms
26ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/678640372/?random=1623591081438&cv=9&fst=1623589200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa690&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&tiba=Top%20Lateral%20Movement%20Techniques%20%E2%80%93%20The%20Red%20Team%20Edition%20%7C%20Smokescreen&async=1&fmt=3&is_vtc=1&random=215138127&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Jun 2021 13:31:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 component---src-pages-all-resources-js-625d9f25e52063804184.js
www.smokescreen.io/ 0
4 KB 193ms
193ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-all-resources-js-625d9f25e52063804184.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b; __hstc=132426193.aefe0c4c2ae79f1227d7e5c436649b60.1623591080961.1623591080961.1623591080961.1; hubspotutk=aefe0c4c2ae79f1227d7e5c436649b60; __hssrc=1; __hssc=132426193.1.1623591080961
:path: /component---src-pages-all-resources-js-625d9f25e52063804184.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"f99b870ccb140d656ae35942521f8b3f"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: SGSaBVCLCfd4nR00ATo9Zq1-ngzIFxMA1ntgHoWWmymuNi2iiSRTGw==

GET
H2 200 component---src-pages-blog-js-f03dc969e8169e71c3e2.js
www.smokescreen.io/ 0
2 KB 462ms
462ms Other
application/javascript 2600:9000:211a:9e00:5:a05f:2c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.smokescreen.io/component---src-pages-blog-js-f03dc969e8169e71c3e2.js

Requested by

Host: www.smokescreen.io
URL: https://www.smokescreen.io/app-c7efa3ffa09fe5073e2c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211a:9e00:5:a05f:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: no-cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.924104956.1623591079; _gid=GA1.2.1268170532.1623591079; _gcl_au=1.1.602426566.1623591079; _fbp=fb.1.1623591078928.329759053; _clck=au9bcj; nQ_cookieId=c703a8d5-820b-0e65-ee7b-144e235ce718; nQ_userVisitId=fc981d4d-47f9-d2d1-0c30-c3ff44819a17; _gat=1; messagesUtk=b508323944e14ed3b682ab7c1cd65d6b; __hstc=132426193.aefe0c4c2ae79f1227d7e5c436649b60.1623591080961.1623591080961.1623591080961.1; hubspotutk=aefe0c4c2ae79f1227d7e5c436649b60; __hssrc=1; __hssc=132426193.1.1623591080961
:path: /component---src-pages-blog-js-f03dc969e8169e71c3e2.js
pragma: no-cache
purpose: prefetch
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
cache-control: no-cache
:authority: www.smokescreen.io
referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.smokescreen.io/library/siege-craft/top-lateral-movement-techniques/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Wed, 19 May 2021 08:35:51 GMT
server: AmazonS3
x-frame-options: DENY
etag: W/"95cf269d8040434efc23e22e8fe86aec"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 4ca98b546b8d71c72caf6a3d8f75dc24.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, immutable
feature-policy: geolocation 'none';camera 'none';microphone 'none';payment 'none'
x-amz-cf-id: vQO0fUKlF31Nl9Oqf5al8FIl0dY4m6gLgUyhJ8wnAFV4W3LcAHVXwQ==

POST
H2 200 collect Show response
www.clarity.ms/vmss-eus/ 7 B
215 B 102ms
102ms XHR
text/plain 2620:1ec:29::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/vmss-eus/collect
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29::67 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 1661765467478b77853c92c91c3267c5edd4a099267f734208c545ff60bce645

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 13 Jun 2021 13:31:21 GMT
content-encoding: br
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: text/plain
access-control-allow-origin: https://www.smokescreen.io
access-control-allow-credentials: true
x-azure-ref: 0qgjGYAAAAABFRGuaigsgQZPhdw9ee6hGTE9OMjFFREdFMDIwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
content-length: 11
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 e.gif
new-collect.albacross.com/ 37 B
103 B 222ms
72ms Image
image/gif 34.255.184.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview&ci0=c703a8d5-820b-0e65-ee7b-144e235ce718&v0=fc981d4d-47f9-d2d1-0c30-c3ff44819a17&p0=7ceba809-73fc-3c58-b4f5-8e7ee0a1181a&u0=7ceba809-73fc-3c58-b4f5-8e7ee0a1181a&c0=89397750&t0=1623591079456&ur0=https%3A%2F%2Fwww.smokescreen.io%2Flibrary%2Fsiege-craft%2Ftop-lateral-movement-techniques%2F&ti0=Top%20Lateral%20Movement%20Techniques%20%E2%80%93%20The%20Red%20Team%20Edition%20%7C%20Smokescreen&re0=1600&re0=1200&o0=landscape-primary&e1=pageview_ping&ci1=c703a8d5-820b-0e65-ee7b-144e235ce718&v1=fc981d4d-47f9-d2d1-0c30-c3ff44819a17&p1=7ceba809-73fc-3c58-b4f5-8e7ee0a1181a&u1=db71a413-76c2-1dd0-ad08-77fc3032543c&c1=89397750&t1=1623591079457&li1=1623591079454&e2=pageview_ping&ci2=c703a8d5-820b-0e65-ee7b-144e235ce718&v2=fc981d4d-47f9-d2d1-0c30-c3ff44819a17&p2=7ceba809-73fc-3c58-b4f5-8e7ee0a1181a&u2=759d6812-01cd-48c0-cfef-d7c2a99dddcb&c2=89397750&t2=1623591079458&li2=1623591079454
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.184.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-184-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:22 GMT
content-length: 37
content-type: image/gif

POST
H2 200 collect Show response
www.clarity.ms/vmss-eus/ 7 B
157 B 188ms
128ms XHR
text/plain 2620:1ec:29::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/vmss-eus/collect
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29::67 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 1661765467478b77853c92c91c3267c5edd4a099267f734208c545ff60bce645

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 13 Jun 2021 13:31:24 GMT
content-encoding: br
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: text/plain
access-control-allow-origin: https://www.smokescreen.io
access-control-allow-credentials: true
x-azure-ref: 0rQjGYAAAAACsetzUS61eSZtR/j8xlEtuTE9OMjFFREdFMDIwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
content-length: 11
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 e.gif
new-collect.albacross.com/ 37 B
102 B 72ms
72ms Image
image/gif 34.255.184.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=b73d5c27-fd70-e217-f784-6357db03cda6&v0=2d572d51-f98d-aeb5-ab85-b83d3601f9af&p0=7ceba809-73fc-3c58-b4f5-8e7ee0a1181a&u0=ad7a6cbc-93d7-2fd4-b26b-039a917a7ed1&c0=89397750&t0=1623591083959&li0=1623591079454
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.184.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-184-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:25 GMT
content-length: 37
content-type: image/gif

GET
H2 200 e.gif
new-collect.albacross.com/ 37 B
102 B 72ms
72ms Image
image/gif 34.255.184.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.1&e0=pageview_ping&ci0=b73d5c27-fd70-e217-f784-6357db03cda6&v0=2d572d51-f98d-aeb5-ab85-b83d3601f9af&p0=7ceba809-73fc-3c58-b4f5-8e7ee0a1181a&u0=0710a446-2a8a-e298-1924-395b6737fd40&c0=89397750&t0=1623591086210&li0=1623591079454
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.184.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-184-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 13 Jun 2021 13:31:28 GMT
content-length: 37
content-type: image/gif

POST
H2 200 collect Show response
www.clarity.ms/vmss-eus/ 7 B
158 B 98ms
98ms XHR
text/plain 2620:1ec:29::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/vmss-eus/collect
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29::67 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 1661765467478b77853c92c91c3267c5edd4a099267f734208c545ff60bce645

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 13 Jun 2021 13:31:27 GMT
content-encoding: br
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: text/plain
access-control-allow-origin: https://www.smokescreen.io
access-control-allow-credentials: true
x-azure-ref: 0sAjGYAAAAAAFoDZZyY7QRrHTbY4JoLgATE9OMjFFREdFMDIwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
content-length: 11
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H2 200 collect Show response
www.clarity.ms/vmss-eus/ 7 B
158 B 106ms
106ms XHR
text/plain 2620:1ec:29::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/vmss-eus/collect
Requested by: Host: www.smokescreen.io
URL: https://www.smokescreen.io/35-9df5cd936ffd6a686f9b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29::67 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 1661765467478b77853c92c91c3267c5edd4a099267f734208c545ff60bce645

Request headers

Referer: https://www.smokescreen.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 13 Jun 2021 13:31:30 GMT
content-encoding: br
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: text/plain
access-control-allow-origin: https://www.smokescreen.io
access-control-allow-credentials: true
x-azure-ref: 0swjGYAAAAACJ5cBJeIWmTKDY94Np1qTzTE9OMjFFREdFMDIwOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
content-length: 11
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

Verdicts & Comments Add Verdict or Comment

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.smokescreen.io/	1970-01-19 18:59:52	Name: __hssc Value: 132426193.1.1623591080961
.smokescreen.io/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.smokescreen.io/	1970-01-20 04:21:27	Name: __hstc Value: 132426193.aefe0c4c2ae79f1227d7e5c436649b60.1623591080961.1623591080961.1623591080961.1
.smokescreen.io/	1970-01-20 04:21:27	Name: messagesUtk Value: b508323944e14ed3b682ab7c1cd65d6b
www.smokescreen.io/	1970-01-20 03:45:27	Name: nQ_cookieId Value: c703a8d5-820b-0e65-ee7b-144e235ce718
www.smokescreen.io/	1970-01-20 03:45:27	Name: _clck Value: au9bcj
.smokescreen.io/	1970-01-20 04:21:27	Name: hubspotutk Value: aefe0c4c2ae79f1227d7e5c436649b60
.smokescreen.io/	1970-01-19 21:09:27	Name: _gcl_au Value: 1.1.602426566.1623591079
.smokescreen.io/	1970-01-19 18:59:51	Name: _gat Value: 1
.smokescreen.io/	1970-01-19 21:09:27	Name: _fbp Value: fb.1.1623591078928.329759053
www.smokescreen.io/	1970-01-19 18:59:52	Name: nQ_userVisitId Value: fc981d4d-47f9-d2d1-0c30-c3ff44819a17
.smokescreen.io/	1970-01-19 19:01:17	Name: _gid Value: GA1.2.1268170532.1623591079
.smokescreen.io/	1970-01-20 12:31:03	Name: _ga Value: GA1.2.924104956.1623591079

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
api.hubspot.com
app.hubspot.com
assets.ubembed.com
c.bing.com
c.clarity.ms
connect.facebook.net
e8c2372e0cbc4cef8d1bb6cfc2cef6d6.js.ubembed.com
fonts.gstatic.com
forms.hsforms.com
gc.smokescreen.io
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.usemessages.com
new-collect.albacross.com
perf.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
sc.lfeeder.com
serve.albacross.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
track.hubspot.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.smokescreen.io
108.174.10.14
13.225.74.129
142.250.186.162
151.101.193.131
2600:9000:211a:3a00:1f:f723:6fc0:93a1
2600:9000:211a:9e00:5:a05f:2c80:93a1
2606:4700::6810:5805
2606:4700::6811:46b0
2606:4700::6811:73b0
2606:4700::6811:7d2
2606:4700::6811:82ab
2606:4700::6811:b749
2606:4700::6811:cbcc
2606:4700::6811:d4cc
2606:4700::6811:ebcc
2606:4700::6812:15bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2620:1ec:29::67
2620:1ec:c11::200
2a00:1450:4001:801::2003
2a00:1450:4001:809::2008
2a00:1450:4001:812::2003
2a00:1450:4001:812::2004
2a00:1450:4001:812::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2003
2a00:1450:400c:c00::9c
2a02:26f0:6c00:2b0::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.208.59.234
34.255.184.223
52.142.114.2
99.86.241.65
05c069f3394113bf2b3c2de97f813bd4969a67f044009f5fbab9cc0b360d7582
068605b7a74adeae97a35f115e5d2116b49e1b0746b0172d6795cf4c7f93ecc8
101710e14b85d2c13f2cde7c0504b1eda3e8635311f94657d329a63286a9be12
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1661765467478b77853c92c91c3267c5edd4a099267f734208c545ff60bce645
189cd353204dbca3e6a643c4b46332df5c4090a1c37454efc9c26fd2828a2acf
194dbe13a0d009d6235556804249eb2ef3bb642d91ce4ddc080d4d4b8b3ee570
1a059af6b3e5a93f094f52563944e210bc6a93cd0e74c4339b7432c19f958a76
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ee459a55ac8e52a06584dd3110d0194e6fe481723dae7fe89e7a18d2d35a1f0
213e9304ead3746d69afe52d7b03c39c382fc09655aa158a0b9a21ed0ae46c88
217a07fddedc1d431f0909f6757bfef7b36d9386fe473a8d772689d50bdee5df
22a3c724777199406561d9f68f253e078b4ae553712b2ff85cb86cc3d432d0fe
23dc3f4e465c5562e9178eb368fa7e555f205c8a92a403d15a0b784716a49a41
279cf940857645f33bf142ed36fd74e718ab226d836eb57f656d3b2c7c0d017c
2b02aade81ccac7f4ab65b5d4aa5643185266570f7fcfaa31c86738772850ce4
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cd4697287646641fa39f413a3d195147fe6fd7d47614c53235d1985f13a3826
38fbe56978cc73ba5a5f8c85b360f71aca125c2cd850a3cd6c3683385e388702
3b89c13b151448b05a9f2f93a416dc0bd0b4e52aea1fd1dfc09c6bfcf13e0eb5
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
412979f99062018cc1b3ba7cc84a0c6d03f86f1c1f07f1ee90fa0402ba2d93ed
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
457a24764c4e5efb7b6de9b07cd544165b996f07310f9626d3571a02bd250d51
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d
4cfb3bbc7d2dd26c818ddd0cd753135a4eeece81c2751228ecde155f729ac2f9
5348c7fa45c3bf3a8e4465ac652e291e17cda4dfedfc5ef7a0bdc315d942855b
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
57de733c29e42747b81b82e4480ce229d6423a3f8d3839dabff81b81ba491088
5a15d0bcb5e80a175fa932c730954aac958391723d9c03e3bc98edfaf2cbdfa2
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5cd92ecc87b6f2ed90dd548ba471c8f99507c8118633e3bdbcb5982429c70cc7
5de9219efb11d6fcd505ebc32093c0853aec6131a12703d2027b4da8d28fa82d
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5fb628ecdfdb437026f7b87adce8a814fab315a783b1b6a08036437d30b5bcb3
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
601291f305461286aacfbcabafb236c415748ad5f5f8264def5998ae9e7f28ba
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
71d4d111ec68894e3ea089fdf28c8d2687bc9934076d1be423802068ab6652aa
73cdf71dcf6418b9da96c5d7e9be48f7700b1b8d4cd4f224139ac93c77be7af2
76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d
7835a7a3ced0b25b9bcc0caeaa041862878116020eb37faa0a031ad0fe60a0ff
7ed6ea6b994f975e4ede747d96d2eb3f63ad55b3d5803615fdb115b487b461d1
7eed4436c264ceb760c39e0cc4200122ebf2981db513e30ca8da2ef62313f746
8056f76f1d919208533da2c70d658a3cc87cbe354fcc3f8b8409a74f2dfad377
83af6070a437af3235af78136c319545b50c907083eaa004f101f0155ab2dabd
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85a94aca9a3bb11143fc25e69f7cddee5e42619798aea0a4595e5b85af2db47e
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8bfaf6609d0d7144c486f12ab8a2485b40939dfcc0eb01b567399666568d1ceb
94b63fd36f5c48af5e612b6719d6b77f1e4f4087dd69ffa426c2f966b775a82b
98a2beec808e2eed3b9fe443e5f0937b851df4e4f312bb8b4af5da3265a7c50d
98c3fd47f8fd48008fe107ed1f093de3776a6e1156ff4cad66d50c6874271e48
98cc1710990a16be464aaef1d702d25076cdfba8a7690fc6a10983c3d876b5b5
993ace390132db4b18cc6804227d768a1b80ab1b4850c160c92be5c2a8b6d5ad
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9fcb720730ec6667a8eb5cc8922104bcd038a26f8ad3f2b97c39da1f8b1d248c
a1979444926f369a1fc64bcaa34b55f97f3c3efa32528bf37d662436ce38c76e
a68940d3f53b14d137117644accafe2e097ab09529178c27055b5eb836c4368d
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aecdf4141f48d868606bb0d1a46fa67a8e920644db973cbb1f4e4b4d0d6df256
aef23deda339b41ec1128bd29fb926bd6b5317b06583cfe713da67ae9db605ba
b762b88c5eb49bb0fb4735595032ee1900b76cf4af25b19060f57de8b9a8f854
bb005bd480e05c481960064366fa87bfbb0c01fab837af169ec53a4c593407da
c0e49e65134724397e676577b7bb86785db1d733f6b31a5d637f3919d0826491
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d2fd7ffb4fa968fff4c2c718f390b17e35b64f251c8193c415e686c2d070df93
da522c47fc8e72ce7c3f6246b9e116d700b35ebf64f6fc3be0020b76511270c0
dba17f1b29b3b3637d709f951023ea1655b08c6b4f40fd612c5e927ba72829fa
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
df3addab490fb30cc123c4b8325ca343429fdc6d356a435065f3d2d7fad792fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e59bb64bc3947e4a48dc5983143fe2940c80fd889d3ae8956dba49c60e9e17fd
e8f05752862160fa1888c91060a324c84870cd4bca2acee125713d11147fde5d
e9a7745d18a64d87c71ce664ff1b2c78a5ea4f0167bb41733632236b42f89b60
ea4cb39c5b1320c4aebd559015b06f987bcbfe9a5f1e4f16aa57a0652cc2f876
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8f5f445e32edd983337a5f61a444d1e8713e548abe1534baf9dfec19612001
f5e54dff09bbbc430b4cb92529ee7700e102aa9263c5ce69cf4eaf1174e6e6cc
f840fce4a4a5d4318ca350faeb50f370ead933f99f2cdb68e0af2ffcdb78a0de
f977afd17a6cedb1886bc57b474a36d8241c75f01258e8b7421292c00442888f
fab326b8ea83ef204eb346c3af1238f552f6242707cdf6145086919d15ce4925
ff456a6ed10e9e2921af692e24717f8428678721a32f4b250b774d34ac67a9e2

www.smokescreen.io Open in urlscan Pro 2600:9000:211a:9e00:5:a05f:2c80:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

119 Requests

100 %HTTPS

79 %IPv6

28 Domains

39 Subdomains

36 IPs

4 Countries

2263 kBTransfer

5304 kBSize

13 Cookies

2 Outgoing links

Page URL History

Redirected requests

119 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.smokescreen.io Open in urlscan Pro
2600:9000:211a:9e00:5:a05f:2c80:93a1 Public Scan

Screenshot
Live screenshot

Full Image

119
Requests

100 %
HTTPS

79 %
IPv6

28
Domains

39
Subdomains

36
IPs

4
Countries

2263 kB
Transfer

5304 kB
Size

13
Cookies

119 HTTP transactions
5 data transactions