www.securityweek.com Open in urlscan Pro
2606:4700:20::6818:a003 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Submission: On June 21 via api (June 21st 2023, 2:10:00 am UTC) from TR — Scanned from DE

Summary HTTP 193 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 26 IPs in 2 countries across 19 domains to perform 193 HTTP transactions. The main IP is 2606:4700:20::6818:a003, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.securityweek.com. The Cisco Umbrella rank of the primary domain is 214443.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 24th 2023. Valid for: a year.

This is the only time www.securityweek.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
88	2606:4700:20:... 2606:4700:20::6818:a003	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e2:... 2606:4700:e2::ac40:840f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:863b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
12	116.202.46.88 116.202.46.88	24940 (HETZNER-AS) (HETZNER-AS)
4	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
8	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
7	2606:4700::68... 2606:4700::6811:cb35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
22	2600:9000:20c... 2600:9000:20c3:9000:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6812:19c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:6cc7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8cce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d2f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
193	26

88 2606:4700:20::6818:a003 (United States)

ASN13335 (CLOUDFLARENET, US)

www.securityweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:840f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:863b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 116.202.46.88 (Weng, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88.46.202.116.clients.your-server.de

ads.securityweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

securityweek.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d0a35d75d3d41043b357cafa8cf5fe4d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.64.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6811:cb35 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.justuno.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
my.justuno.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aly.justuno.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2600:9000:20c3:9000:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:19c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:6cc7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8cce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d2f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
100	securityweek.com www.securityweek.com — Cisco Umbrella Rank: 214443 ads.securityweek.com — Cisco Umbrella Rank: 436327	2 MB
22	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4748	722 KB
14	gstatic.com fonts.gstatic.com	224 KB
12	disqus.com securityweek.disqus.com — Cisco Umbrella Rank: 620002 disqus.com — Cisco Umbrella Rank: 1251 referrer.disqus.com — Cisco Umbrella Rank: 6981	109 KB
8	googlesyndication.com d0a35d75d3d41043b357cafa8cf5fe4d.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 tpc.googlesyndication.com — Cisco Umbrella Rank: 155	41 KB
7	justuno.com cdn.justuno.com — Cisco Umbrella Rank: 32969 my.justuno.com — Cisco Umbrella Rank: 33790 aly.justuno.com — Cisco Umbrella Rank: 41822	59 KB
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422 fonts.googleapis.com — Cisco Umbrella Rank: 80	18 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60 region1.google-analytics.com — Cisco Umbrella Rank: 1832	21 KB
4	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219	170 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2377	16 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	236 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4971 forms.hscollectedforms.net — Cisco Umbrella Rank: 5088	26 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 107 www.google.com — Cisco Umbrella Rank: 3	2 KB
2	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1123	14 KB
1	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4470	983 B
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2462	1 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2379	21 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2641	1 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1159	12 KB
193	19

	Domain	Requested by
88	www.securityweek.com	www.securityweek.com static.cloudflareinsights.com
22	c.disquscdn.com	disqus.com c.disquscdn.com securityweek.disqus.com
14	fonts.gstatic.com	fonts.googleapis.com
12	ads.securityweek.com	www.securityweek.com ads.securityweek.com
8	disqus.com	securityweek.disqus.com c.disquscdn.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	cdn.justuno.com	www.securityweek.com cdn.justuno.com
4	securepubads.g.doubleclick.net	www.securityweek.com securepubads.g.doubleclick.net
4	fonts.googleapis.com	www.securityweek.com client
3	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	securityweek.disqus.com	www.securityweek.com securityweek.disqus.com
3	www.googletagmanager.com	www.securityweek.com www.googletagmanager.com
2	my.justuno.com	cdn.justuno.com www.securityweek.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	static.cloudflareinsights.com	www.securityweek.com
1	aly.justuno.com	www.securityweek.com
1	referrer.disqus.com
1	forms.hsforms.com
1	track.hubspot.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	www.google.com	tpc.googlesyndication.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	d0a35d75d3d41043b357cafa8cf5fe4d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	js.hs-scripts.com	www.securityweek.com
1	use.fontawesome.com	www.securityweek.com
1	ajax.googleapis.com	www.securityweek.com
193	30

This site contains links to these domains. Also see Links.

Domain
gateway.on24.com
www.securitysummits.com
www.icscybersecurityconference.com
www.facebook.com
twitter.com
www.linkedin.com
ads.securityweek.com
web.whatsapp.com
www.descope.com
www.youtube.com
msrc.microsoft.com
www.twitter.com
www.cisoforum.com
advertise.securityweek.com

Subject Issuer	Validity	Valid
www.securityweek.com Cloudflare Inc ECC CA-3	`2023-01-24` - `2024-01-23`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
use.fontawesome.com GTS CA 1P5	`2023-05-06` - `2023-08-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
servedbyadbutler.com Sectigo RSA Domain Validation Secure Server CA	`2023-06-09` - `2024-01-03`	7 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-13` - `2024-04-20`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
justuno.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
a.disquscdn.com Amazon RSA 2048 M01	`2023-03-01` - `2023-10-29`	8 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Frame ID: 5B7B6AB727E6E8D76E93D4F830FE8A70
Requests: 143 HTTP requests in this frame

Frame: https://d0a35d75d3d41043b357cafa8cf5fe4d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 01A54DED513C0429B22877432CA24C17
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
Frame ID: 12CD5FF1A62E0D4918DB2D43755AF4D4
Requests: 22 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps
Frame ID: 224774746E389F111A0551ABB0077712
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 724980CF15AC9199D3FDB3F6360F242C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0CD3632244EAAAE44CACE4F7D67EC734
Requests: 2 HTTP requests in this frame

Frame: https://cdn.justuno.com/store_4.1.html?v=5.65
Frame ID: 0F57D7BA8799FC01376C421142CF84CF
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 04247CF59346BC2B0288458AFCDFA0D0
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: E3CE661C34C25F64F4622AC55B13D6E7
Requests: 1 HTTP requests in this frame

Frame: https://cdn.justuno.com/store_4.1.html?v=5.65
Frame ID: F0993E75346C7515511F5E03B7294EC5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps - SecurityWeek

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

193
Requests

100 %
HTTPS

88 %
IPv6

19
Domains

30
Subdomains

26
IPs

2
Countries

3517 kB
Transfer

7381 kB
Size

18
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://gateway.on24.com/wcc/eh/1220486/securityweek-webcast-library
Title: Webcasts

Search URL Search Domain Scan URL

URL: https://www.securitysummits.com/
Title: Virtual Events

Search URL Search Domain Scan URL

URL: https://www.icscybersecurityconference.com/
Title: ICS Cybersecurity Conference

Search URL Search Domain Scan URL

URL: https://www.securitysummits.com/event/ciso-virtual-summit/
Title: CISO Forum

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SecurityWeekCom-366251913615/

Search URL Search Domain Scan URL

URL: https://twitter.com/securityweek

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/securityweek/

Search URL Search Domain Scan URL

URL: https://ads.securityweek.com/redirect.spark?MID=179018&plid=2118090&setID=593294&channelID=0&CID=775056&banID=521108512&PID=0&textadID=0&tc=1&adSize=970x250&mt=1687313394738564&sw=1600&sh=1200&spr=1&referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&hc=b7265ed2db6440e532423192d7aca9915cf0cce3&location=

Search URL Search Domain Scan URL

URL: https://web.whatsapp.com/send?text=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps%20https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Title: Whatsapp

Search URL Search Domain Scan URL

URL: https://www.descope.com/blog/post/noauth
Title: nicknamed nOAuth

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=ceeA3FmKxtM
Title: released a demo video

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/blog/2023/06/potential-risk-of-privilege-escalation-in-azure-ad-applications
Title: Microsoft described the issue

Search URL Search Domain Scan URL

URL: https://ads.securityweek.com/redirect.spark?MID=179018&plid=2118098&setID=605204&channelID=0&CID=775056&banID=521108524&PID=0&textadID=0&tc=1&adSize=300x250&mt=1687313394735689&sw=1600&sh=1200&spr=1&referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&hc=a9ca8a36a9901961473c3ef0e226fcbc591e013c&location=

Search URL Search Domain Scan URL

URL: https://www.twitter.com/ryanaraine/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/ryanaraine/

Search URL Search Domain Scan URL

URL: https://www.securitysummits.com/event/threat-intelligence-summit/
Title: Virtual Event: Threat Detection and Incident Response Summit

Search URL Search Domain Scan URL

URL: https://www.cisoforum.com/
Title: CISO Forum

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/groups?mostPopular=&gid=3551517
Title: Cyber Weapon Discussion Group

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/groups/?gid=4439585
Title: Security Intelligence Group

Search URL Search Domain Scan URL

URL: https://advertise.securityweek.com/info
Title: Advertising

Search URL Search Domain Scan URL

URL: https://advertise.securityweek.com/events
Title: Event Sponsorships

Search URL Search Domain Scan URL

URL: https://advertise.securityweek.com/contact-securityweek
Title: Writing Opportunities

Search URL Search Domain Scan URL

URL: https://ads.securityweek.com/redirect.spark?MID=179018&plid=2114926&setID=479628&channelID=0&CID=773887&banID=521099255&PID=0&textadID=0&tc=1&adSize=640x480&mt=1687313394732334&sw=1600&sh=1200&spr=1&referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&hc=b6436ff9aaf6110319302cf9966f939b3c12de4a&location=

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

193 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/ 151 KB
29 KB 634ms
604ms Document
text/html 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: d333c3cbe4bbd75337075043c290bcb26aa01508132b9ea508d43b763483979f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7da8b639da062bb5-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 21 Jun 2023 02:09:52 GMT
last-modified: Tue, 20 Jun 2023 15:01:26 GMT
link: <https://www.securityweek.com/wp-json/>; rel="https://api.w.org/" <https://www.securityweek.com/wp-json/wp/v2/posts/34057>; rel="alternate"; type="application/json" <https://www.securityweek.com/?p=34057>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tap0rG9b2kcBx6mV4FuYFRxyXjHwNhzTLRXSHkFRssfHUb9Vpp0j00Mzv26gdCkYlk7tGlqkNSukHdJFyXKPMluN3dSBMisQiEYDETv0PHuR%2F4G7rxKspSZcsGdEbytSoK8Ps%2F5A5MAh1UPglX2BP6Vr"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 33
x-cache-group: normal
x-cacheable: SHORT
x-pingback: https://www.securityweek.com/xmlrpc.php
x-powered-by: WP Engine

GET
H2 200 uF-Ze7WAyjEpzP032WXyUupeXAE.js Show response
www.securityweek.com/cdn-cgi/apps/head/ 5 KB
2 KB 2032ms
2029ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/cdn-cgi/apps/head/uF-Ze7WAyjEpzP032WXyUupeXAE.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 794a3f88df27cdece064dcaa4ce73387648f766d52210b1b20cf2f50e974b8ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
x-amz-version-id: Id.3DPa.BYLi4zj2Rnk8_fem54OEk5yj
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 16:30:31 GMT
server: cloudflare
x-amz-request-id: DCHHC8B8Z862HMPW
age: 12614783
etag: W/"739c49d4a7bfbaabde79b20a6605c852"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 7da8b63dac582bb5-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: g7VbenkCh7NNSYKDvBtLsbjDMxYD1xuI0Q1+fA/afbuX1mLXfhQgmZbkT0H+TIeUFtG+kxraoQQ=

GET
H2 200 style.min.css
www.securityweek.com/wp-includes/css/dist/block-library/ 95 KB
13 KB 2035ms
2031ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Apr 2023 09:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1796231
etag: W/"642d3aad-17ced"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kamWg9%2ByMX3zrRHjlDvm5kWLSZFlP0Ml80jU5zKovfAV8A3GRjoGw3knG%2Fp81z%2B8tcQOeM5t7vpVuml5tgx3orsYP%2FVBoYYmyTJL8fsebsUVQBfTRMwjZrWxMTroAEqUvo%2FlILvp"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dac5b2bb5-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 classic-themes.min.css
www.securityweek.com/wp-includes/css/ 291 B
518 B 2034ms
2030ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/css/classic-themes.min.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Apr 2023 09:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1796231
etag: W/"642d3aad-123"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B0apJSuUB%2F5e6nAj3azUDdgPVVD5d%2FywggiaCEnuYJUsT3XXPFX5KRX%2FDl0yF2EFG5eKpjjuMAguV09Z2G3qspg7N8kNTlw0pXHPlTFDH1ABObpVndEFQRBWawGdelZ9gBvTwbQh"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dac5d2bb5-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 chartsofday.css
www.securityweek.com/wp-content/plugins/securityweek-chartoftheday/css/ 308 B
510 B 2036ms
2032ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/securityweek-chartoftheday/css/chartsofday.css?ver=1.0.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d7c24cb3877d3352b2f3f29ad6e2aee0418556546acaf0dd5c9bcda16f55e0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12616685
cf-polished: origSize=452
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-1c4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOdlSMdJZMcvNWUpyPY%2FLpW87me5txGfTc8s12J%2FVUlV1AnoXkEEAwODbbVG9wbZbLeY3Y6n42lP1Gx%2FwnYzIhpiB6NJ6svf2cQcf9hNWal2m12bcknNF6TSYw2NCb5p%2FawD3%2FjQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc5e2bb5-FRA

GET
H2 200 security-week.css
www.securityweek.com/wp-content/plugins/securityweek/assets/css/ 1019 B
691 B 2033ms
2029ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/securityweek/assets/css/security-week.css?ver=1.3.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24ca94366d2777c45544e38e8592d63ee8fcc89b406bc3fe717a514512508a85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11649501
cf-polished: origSize=1077
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-435"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bM%2F7Dy6ufCTjdltD6xu5IU0aSAEg0l8mhYHVdA4G1LN6P9cQWosFvadJU%2BuG9Lws0p2Qs6P1D%2FuWz15k5DS8Kxm5eDcGSIts7G236PXlW%2BHYY9P9lnRafWWsJ4YIwDBIWALtozif"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc5f2bb5-FRA

GET
H2 200 font-theme.css
www.securityweek.com/wp-content/plugins/theia-post-slider/css/ 2 KB
982 B 2031ms
2027ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-post-slider/css/font-theme.css?ver=1.15.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d5bf3f8dc9d9dcd608393de3bd8afbeedd5077039b595aaba4529064dbcbe89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 429639
cf-polished: origSize=3030
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:27 GMT
server: cloudflare
etag: W/"63cf858f-bd6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KsZ3POjh5RDEcxM%2BERckXGuCi7rfrfyJvdR0t0mheq2yPf3hBlzhOCFV70C5RcS%2BHGhbkbvrXIgKK0IlPFjDCEhKs5cnfN49dKr83IVb32Sk6IL51gaS3kIXakaPwB8foY4qV2Tf"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc602bb5-FRA

GET
H2 200 style.css
www.securityweek.com/wp-content/plugins/theia-post-slider/fonts/ 4 KB
991 B 2032ms
2029ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-post-slider/fonts/style.css?ver=1.15.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67e380395b14a5ac48faabd1838b4e6fd75b01682364f987dc8948975838837c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12616685
cf-polished: origSize=4566
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-11d6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWwZYyOaJ8mNOd9kVDxmjMIGzx8Mo3DC3Yp4NmqswdrMkNLT1doiJniy1PqCt%2BkpjzSaFoYpJpAQGFlaKGZu5vm73%2FbmSeqK0JvQtmQmbaMzLLdh3VMS39I0my7KgxotuekXnAEx"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc612bb5-FRA

GET
H2 200 dashicons.min.css
www.securityweek.com/wp-includes/css/ 58 KB
35 KB 2038ms
2034ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/css/dashicons.min.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1796231
etag: W/"63cf8582-e688"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IuUMjNNesNpZnPvua%2BcNqw5Rqt1IBwWkaiPUhLwUze7WWYM%2F6GxNH7IiFvM70xkI608dnc8ke15a1RciPh0yge1qNm1%2BJsuFIAITplsvD3vXpQ6bdfjDHj34Y6ZJ7nO9P19eTPXh"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc632bb5-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-ui-dialog.min.css
www.securityweek.com/wp-includes/css/ 4 KB
2 KB 2036ms
2033ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/css/jquery-ui-dialog.min.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 643e504c5417068283c7ba2a2e348b0f6c12da9e7b328470424453466d69efa1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1796230
etag: W/"63cf8582-11c4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHl0H7rxR5Xwk1BkvsPxwZMeVEvan9ufWA9qzd0mA%2FhQsJYZlOkSJ9CKM3Gs6oag%2FbZzCoanlGbpIhWKFY2za5xX7n9%2FtIgaTcna6r3pQKNuGpHdqeQG2p0i0z%2BY9hIDB9%2FrQ3xR"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc642bb5-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 phone-picker.css
www.securityweek.com/wp-content/plugins/wp-2fa-premium/extensions/authy/assets/css/ 19 KB
3 KB 2034ms
2031ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/wp-2fa-premium/extensions/authy/assets/css/phone-picker.css?ver=2.3.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91bbc128851e65442a70a7e12e55068d75d7e9b0514c5c9cb7c15fe770cf8899

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11650998
cf-polished: origSize=27551
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:20 GMT
server: cloudflare
etag: W/"63cf8588-6b9f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uct1PEcHyhhAInaOh2VKQXp%2FbSS30t%2FRhG7ZanxB6S2MT6%2BCAuX0TSeGpKx%2FV%2FhuuUWdkXYYO%2Fjmm7P6N2NNPQuJTHQNF%2FEVPw8R6m0lpbb4sO%2Bs7rR7nGoTMXpqva9Gloepq96fY5SYc0bUPyoU%2FND9"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc652bb5-FRA

GET
H2 200 jquery-ui.css
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/ 36 KB
9 KB 2054ms
7ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css?ver=6.2.2

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9b751c1cd0d2b0f91862db987fed9dda48758b15e6f42ca67796b45f4b21702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 11:53:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8422
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 11:53:39 GMT

GET
H2 200 photoswipe.css
www.securityweek.com/wp-content/plugins/reviewer/public/assets/css/ 10 KB
3 KB 2040ms
2037ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/css/photoswipe.css?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee5d15d9b1f5bfa5869678f288b9e829239f719ec5cb4ff8345979eb9001870c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12616685
cf-polished: origSize=10017
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-2721"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JShP2wGOPFJRpvKSUblpfZV%2FAiH7TEu2uHUk6atvxDvlERNdivA%2FFfyfznqjoUvKMIoHp7N8Ytoim1Ry049LPxcvfowG4zDhra6rLj1QOU0tYYt3UI1cq6bLYhZwDfGemkjQ%2BUuj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc6d2bb5-FRA

GET
H2 200 reviewer-public.css
www.securityweek.com/wp-content/plugins/reviewer/public/assets/css/ 133 KB
13 KB 2043ms
2041ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/css/reviewer-public.css?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6a6ecd56ebd86c4bf8099f38d4acebb360dce6b8ed3b8beebf34e9845510033

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12616685
cf-polished: origSize=135802
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:26 GMT
server: cloudflare
etag: W/"63cf858e-2127a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vjLpD%2FX%2Bsl5%2B6IRUXUVAx2%2B1iu9Q2QpPiilOL7%2BgjbrNkOsg1qtGmOsUUvyHj%2FEI%2BurOzutgtsVqPrsWuOfsSvigaA2H3D46dIqIebvEnoRGwS9eb9SQZnxSSE6VyRImTgyyo%2FEj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc6e2bb5-FRA

GET
H2 200 wpp.css
www.securityweek.com/wp-content/plugins/wordpress-popular-posts/assets/css/ 438 B
547 B 2044ms
2041ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=6.1.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a391e09587513aa78421c34ed482a17a5e003c2132edd96227d53831a131b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12616685
cf-polished: origSize=1672
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:24 GMT
server: cloudflare
etag: W/"63cf858c-688"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U3VrpCG0041OEQP7sdg1CrynIf7v%2BaZeUe8vDOhUNkaBxAeLeguq2%2BJkMwhtZnWCTiFdXAo9koQdvaWIt2L2XRqdkLfBS3gbL6bcgNsomA2Nk2yGQrhVPRnR%2F68Uo5QAqGN0%2Bwgc"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc6f2bb5-FRA

GET
H2 200 style.css
www.securityweek.com/wp-content/themes/zoxpress/ 147 KB
25 KB 2043ms
2041ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/style.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0803977e647dbdb41c98b4318386f697591604f184a59fcafec52ffba1f6bdef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1796230
cf-polished: origSize=184235
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: W/"63cf8587-2cfab"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BRIHEFQihO0mAVOptGALh9PeYrzDCELkHUTZ25fPbM0O6YfZX%2FXXyZJwfEmSybADF1z0pMg7nRhT8O91y3THLl79extL89RIfeIclCjfrszzuFNYJTG5uy0XMKc9qYTKrUN73Jh"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc702bb5-FRA

GET
H2 200 all.css
use.fontawesome.com/releases/v5.5.0/css/ 50 KB
12 KB 2067ms
17ms Stylesheet
text/css 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.5.0/css/all.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: TD2RFXGA8A8YF167
age: 72989
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hFxe96CzPougB+NZVOhOkuROJtnGGgyLtycni1NBmKNUMN3SHmatoEX619ZRat8UVnF8I0cvvEs=
last-modified: Wed, 30 Jun 2021 15:43:32 GMT
server: cloudflare
etag: W/"1cc6c92172d124fbd305ba3d8e263333"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2BKgVx5CzJ7vd0zZiyb7Q7zs02jrN%2BLmWdWcVKUGhNcJAiFJCX0wrmOwUSGd2WmKv0Y71w2WpJkCKAJT9JxZxq2RvAhjBIuOCHasvxNpE7D1eTQ7DxpDCmEiird9PM%2FV8ipp0ZdH96YVg3uuAk82QmWg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7da8b64a7bbb1cc5-FRA

GET
H2 200 style.css
www.securityweek.com/wp-content/themes/zoxpress-child/ 20 KB
5 KB 2043ms
2040ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/style.css?ver=1.0.24
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a018ab767f279fb68391322c42eacc40517f6a8daa29fedeb4e6b44848917a92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2299345
cf-polished: origSize=24253
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 25 May 2023 11:27:02 GMT
server: cloudflare
etag: W/"646f4606-5ebd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2BA73su6z%2FWUmG5RL%2FsInkOvJE8x9OOlne3WK55wa3lxv%2Fj6HSCoAzpPYaJP1De%2B21p6WYlo6U%2FRBqlQweThPzfx1MFVcekHHUhB2h6ymLQtJ383l26BK8XVgjGotMqsu%2Fo9KTjm"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc712bb5-FRA

GET
H2 200 all.css
www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/ 58 KB
13 KB 2042ms
2040ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/all.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 989934f975edb65dc96fce979cc86bf8d5a9453e6113df99622609381ce175d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1796230
cf-polished: origSize=73577
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: W/"63cf8587-11f69"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQ3Wgbynb19vl97bvw0vPdOwXx8Kb2wngybVPtIN0Ar2dz7zOFMVrlLsWfgsDhuvKqaUrYuRj%2BWcye%2Bclp%2FJ0oJUSw1ECt8tlsoIrJs8u8HfJfZHRfrEiJ66ZCsfnUVnwvF3vQS0"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc722bb5-FRA

GET
H2 200 css
fonts.googleapis.com/ 171 KB
6 KB 2080ms
34ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Heebo%3A300%2C400%2C500%2C700%2C800%2C900%7CAlegreya%3A400%2C500%2C700%2C800%2C900%7CJosefin+Sans%3A300%2C400%2C600%2C700%7CLibre+Franklin%3A300%2C400%2C500%2C600%2C700%2C800%2C900%7CFrank+Ruhl+Libre%3A300%2C400%2C500%2C700%2C900%7CNunito+Sans%3A300%2C400%2C600%2C700%2C800%2C900%7CMontserrat%3A300%2C400%2C500%2C600%2C700%2C800%2C900%7CAnton%3A400%7CNoto+Serif%3A400%2C700%7CNunito%3A300%2C400%2C600%2C700%2C800%2C900%7CRajdhani%3A300%2C400%2C500%2C600%2C700%7CTitillium+Web%3A300%2C400%2C600%2C700%2C900%7CPT+Serif%3A400%2C400i%2C700%2C700i%7CAmiri%3A400%2C400i%2C700%2C700i%7COswald%3A300%2C400%2C500%2C600%2C700%7CRoboto+Mono%3A400%2C700%7CBarlow+Semi+Condensed%3A700%2C800%2C900%7CPoppins%3A300%2C400%2C500%2C600%2C700%2C800%2C900%7CRoboto+Condensed%3A300%2C400%2C700%7CRoboto%3A300%2C400%2C500%2C700%2C900%7CPT+Serif%3A400%2C700%7COpen+Sans+Condensed%3A300%2C700%7COpen+Sans%3A700%7CSource+Serif+Pro%3A400%2C600%2C700%7CIM+Fell+French+Canon%3A400%2C400i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7CTitillium+Web%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7CBarlow+Condensed%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%26subset%3Dlatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Cvietnamese

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

49666e3eb8db7069446477b34cb6a47025275b43bc0245ecf6e3ecbc80129c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 02:09:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Jun 2023 02:09:54 GMT

GET
H2 200 media-queries.css
www.securityweek.com/wp-content/themes/zoxpress/css/ 139 KB
12 KB 2041ms
2039ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/css/media-queries.css?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec99dd07af5b4a5e3b072e941d355bdbfa1db688555cd4100ab61caa2b0bc25d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1796229
cf-polished: origSize=180354
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: W/"63cf8587-2c082"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMt9LgVvvPp9yfT4iq8IUJGda33Hj4L8TGrm1Oi%2FnEH%2B9Wc22553EPUc%2BK605dYBPuyCev6vER5OwL2aESRhBHeEoD2MvX878W3kakSTDl4qF%2FpSgoEwLp42%2BKYSFcQEeDwMDsez"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc752bb5-FRA

GET
H2 200 pum-site-styles.css
www.securityweek.com/wp-content/uploads/pum/ 15 KB
3 KB 2040ms
2038ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/uploads/pum/pum-site-styles.css?generated=1686771112&ver=1.18.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 558cc235d4a597a8ec28daee4279486fdd17bc7431b2e15e4634fec0117860c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 530457
cf-polished: origSize=17639
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 14 Jun 2023 19:31:52 GMT
server: cloudflare
etag: W/"648a15a8-44e7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HK8v5Ve%2BExHAlhFpfUedV28cll7nL7zXhcYSGXO0et9RX84AyegtFujKNoBCTLQwMeYJFvOzZFNcEk1kp8hDnh9aWsVs1yP09eSCGN1BrQElCo8LiKBfLGGj9%2BzjT0iUQepy5uRN"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b63dbc762bb5-FRA

GET
H3 200 SecurityWeek-Small-Dark.png
www.securityweek.com/wp-content/uploads/2022/04/ 10 KB
10 KB 25ms
24ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2022/04/SecurityWeek-Small-Dark.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbf7c9bddb9ee180560fa0a36e9d0713aeb6357dd8f79ee9ab31bb9246655136

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12598499
cf-polished: origSize=13020
alt-svc: h3=":443"; ma=86400
content-length: 10019
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-32dc"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyA4Tx%2BHpdGam9c%2BNqiYnBy0SAWd%2FZzyCs6pPO7MCGFhiIXh%2BPKfHUEmrIo6%2BLp5tV1dM5o%2B%2BHze7ClhX%2BmaLUzy3rbxLUyccapuaLz49QxBXoGoXSpFVM7igaZFVcZEmBvUcpgr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64a9a699273-FRA

GET
H3 200 SecurityWeek_Dark_News.png
www.securityweek.com/wp-content/uploads/2022/01/ 22 KB
22 KB 18ms
17ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2022/01/SecurityWeek_Dark_News.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22bb1253ebf8405c69bdf9d628ab472e02e1f6a06d3eb07bd171494f6c3b6aea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12573873
cf-polished: origSize=30005
alt-svc: h3=":443"; ma=86400
content-length: 22149
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-7535"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYGOHuhLh9V2jnEouRhBZOZwjxiECDLvcdRFjBiEFtDj53StXtg0xP1IzZmGCHCW4dKzfVdYPI3BaSThj%2BxWbHzOrJaYOL0fYlVYQzrVavDDBHmf%2BLeZbmh3REq1nihtieC4Kq%2Fc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64a9a6a9273-FRA

GET
H3 200 SecurityWeek_Dark-Small.png
www.securityweek.com/wp-content/uploads/2022/01/ 10 KB
10 KB 26ms
25ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2022/01/SecurityWeek_Dark-Small.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbf7c9bddb9ee180560fa0a36e9d0713aeb6357dd8f79ee9ab31bb9246655136

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12598499
cf-polished: origSize=13020
alt-svc: h3=":443"; ma=86400
content-length: 10019
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-32dc"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9UNpsGhQlJ1WRHm2KqpjuzXL02NO42yTOXiiOzAyKkpBSAmzWgVBQOtKtm4UuF7kcLJbPiKgwNP6o6YEyEIbQk0iWPTqbpR1PwXmmSFsm3ecw%2FFpBwY97InPVoRc8ljO9xJAoJdy"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64a9a6b9273-FRA

GET
H3 200 Microsoft-DDoS-Attack.jpg
www.securityweek.com/wp-content/uploads/2023/06/ 233 KB
234 KB 33ms
32ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/06/Microsoft-DDoS-Attack.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70ec6a6ab4007e089563aee255a80eeb2ac349a4821e1a5bb216b1099c3dde3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 221968
cf-polished: origSize=261794
alt-svc: h3=":443"; ma=86400
content-length: 238877
cf-bgj: imgq:100,h2pri
last-modified: Sun, 18 Jun 2023 12:09:02 GMT
server: cloudflare
etag: "648ef3de-3fea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxJOI7F5UIIGwHR54yWSaZgw9poTGl5E%2FBk933IdYXZ0%2FVNXvc2UvEsHzIEpjUenJJ5PIPKzqKbpiEUkNrJJc2r4EwnYNRBUm5LoXPWRT9Wd7U29s%2BRJrdFSn1NUYmOeXzUPnUfMRq05CL9G2M3dcIXS"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64a9a6c9273-FRA

GET
H3 200 email-decode.min.js Show response
www.securityweek.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
871 B 10ms
9ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securityweek.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 15 Jun 2023 10:17:37 GMT
server: cloudflare
etag: W/"648ae541-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7da8b64a9a689273-FRA
expires: Fri, 23 Jun 2023 02:09:54 GMT

GET
H3 200 SecurityWeek-Small-Dark@2x.png
www.securityweek.com/wp-content/uploads/2022/04/ 22 KB
22 KB 26ms
25ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2022/04/SecurityWeek-Small-Dark@2x.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22bb1253ebf8405c69bdf9d628ab472e02e1f6a06d3eb07bd171494f6c3b6aea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4652334
cf-polished: origSize=30005
alt-svc: h3=":443"; ma=86400
content-length: 22149
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-7535"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDbLrpF2z1awq6sUU%2BiwTv%2BjLhlV%2Bmu5a4%2B%2BUmr8HhgH7N7FQDtoTNgmuWb%2FWWsEKS8LCFvDJ8nY0JkAuSLOnDrCCgWKnLXwEnxsihHqqTSWaTL41oQ60NHk3bNxpB5M8sev%2BGZ4"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64a9a6d9273-FRA

GET
H3 200 rocket-loader.min.js Show response
www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 11ms
10ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 15 Jun 2023 10:17:37 GMT
server: cloudflare
etag: W/"648ae541-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7da8b64a9a6e9273-FRA
expires: Fri, 23 Jun 2023 02:09:54 GMT

GET
H2 200 v52afc6f149f6479b8c77fa569edb01181681764108816 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 59ms
35ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer: https://www.securityweek.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
server: cloudflare
etag: W/2023.4.2
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7da8b64abe3abb44-FRA

GET
H3 200 gTSU7w8TKow-r0zxLGZWiDD2jUk.js Show response
www.securityweek.com/cdn-cgi/apps/body/ 970 B
841 B 48ms
48ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/cdn-cgi/apps/body/gTSU7w8TKow-r0zxLGZWiDD2jUk.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/apps/head/uF-Ze7WAyjEpzP032WXyUupeXAE.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e504e9f649813734dd00f332c49ad8a7b96929b4ee751f8b69c87599c98d23dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
x-amz-version-id: tNf5oRoDTPzXxeaDfZtDqkmajaCc93wv
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 16:30:30 GMT
server: cloudflare
x-amz-request-id: KGS5EWQTS3N8F403
age: 12614925
etag: W/"869fcc0499df4fef1fa9d1cd8e1d641e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 7da8b64a9a6f9273-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: fECL4yYcp64CcD/3i9lPx9rLmkkLzTODUxxoJmqTjTkAnRVmrpU5u/acPrWQwbBxF8Hdi6KIOvU=

GET
H2 200 css
fonts.googleapis.com/ 2 KB
968 B 39ms
18ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/wp-content/uploads/pum/pum-site-styles.css?generated=1686771112&ver=1.18.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6a51a6d6bd79870b6abd5772686659f2b8ecd22cdb0a6ceda0e87295ac284414

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 00:10:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Jun 2023 02:09:54 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v49/ 25 KB
25 KB 35ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Heebo%3A300%2C400%2C500%2C700%2C800%2C900%7CAlegreya%3A400%2C500%2C700%2C800%2C900%7CJosefin+Sans%3A300%2C400%2C600%2C700%7CLibre+Franklin%3A300%2C400%2C500%2C600%2C700%2C800%2C900%7CFrank+Ruhl+Libre%3A300%2C400%2C500%2C700%2C900%7CNunito+Sans%3A300%2C400%2C600%2C700%2C800%2C900%7CMontserrat%3A300%2C400%2C500%2C600%2C700%2C800%2C900%7CAnton%3A400%7CNoto+Serif%3A400%2C700%7CNunito%3A300%2C400%2C600%2C700%2C800%2C900%7CRajdhani%3A300%2C400%2C500%2C600%2C700%7CTitillium+Web%3A300%2C400%2C600%2C700%2C900%7CPT+Serif%3A400%2C400i%2C700%2C700i%7CAmiri%3A400%2C400i%2C700%2C700i%7COswald%3A300%2C400%2C500%2C600%2C700%7CRoboto+Mono%3A400%2C700%7CBarlow+Semi+Condensed%3A700%2C800%2C900%7CPoppins%3A300%2C400%2C500%2C600%2C700%2C800%2C900%7CRoboto+Condensed%3A300%2C400%2C700%7CRoboto%3A300%2C400%2C500%2C700%2C900%7CPT+Serif%3A400%2C700%7COpen+Sans+Condensed%3A300%2C700%7COpen+Sans%3A700%7CSource+Serif+Pro%3A400%2C600%2C700%7CIM+Fell+French+Canon%3A400%2C400i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7CTitillium+Web%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7COswald%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%7CBarlow+Condensed%3A100%2C100i%2C200%2C+200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%2C900%2C900i%26subset%3Dlatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Cvietnamese

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35c92598a5f32c018dc630f57b183b0284c211ce9c222e5b36840a62115262f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 05:05:57 GMT
x-content-type-options: nosniff
age: 594237
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25372
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:24:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Jun 2024 05:05:57 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVI.woff2
fonts.gstatic.com/s/opensans/v35/ 18 KB
18 KB 42ms
14ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVI.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

023cf8b8a67fe94bcef10d2a02505f939fe00978a20638cc40de1d7842b3521c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 10:40:32 GMT
x-content-type-options: nosniff
age: 314962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18232
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:27:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 10:40:32 GMT

GET
H3 200 fa-brands-400.woff2
www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/webfonts/ 75 KB
75 KB 18ms
17ms Font
font/woff2 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/webfonts/fa-brands-400.woff2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/all.css?ver=6.2.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef

Request headers

Referer: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/all.css?ver=6.2.2
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614925
alt-svc: h3=":443"; ma=86400
content-length: 76736
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: "63cf8587-12bc0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVveqn2sVNUItLNq4%2B%2Be9WS6zENmgb8CXC6CecZSSpp8sX3zMyvPL%2FhDH0APkn8d2oFKUIukWkLbCk%2BC4yx4viUx40tTTC02p464BmUM5WH9%2BjtQFU4x3LCzp42YUh0zLiknGZWB"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64afa9f9273-FRA

GET
H3 200 fa-solid-900.woff2
www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/webfonts/ 76 KB
77 KB 23ms
22ms Font
font/woff2 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/webfonts/fa-solid-900.woff2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/all.css?ver=6.2.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Request headers

Referer: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/all.css?ver=6.2.2
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614925
alt-svc: h3=":443"; ma=86400
content-length: 78268
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: "63cf8587-131bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xXXtQSsU0Z5SKeY9ik2SbeWq23wLCru6uBh7zCfkeuXC379SVRKQNEEDtM7EW%2BR%2Bm4YXoTOpJhDzMQmjKCYZhN583vkKe7bklPi8mj%2BMZ96JdESOHq4lFvC5PDNoN9jPC3CsPIRx"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64afaa09273-FRA

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v15/ 12 KB
12 KB 44ms
17ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v15/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 15:17:32 GMT
x-content-type-options: nosniff
age: 384742
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12372
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:19:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Jun 2024 15:17:32 GMT

GET
H3 200 fa-regular-400.woff2
www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/webfonts/ 13 KB
13 KB 20ms
19ms Font
font/woff2 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/webfonts/fa-regular-400.woff2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/all.css?ver=6.2.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca

Request headers

Referer: https://www.securityweek.com/wp-content/themes/zoxpress-child/font-awesome/css/all.css?ver=6.2.2
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614925
alt-svc: h3=":443"; ma=86400
content-length: 13224
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: "63cf8587-33a8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M2hrcBSCe0p2DmB4fPWI65gIQa%2BM5mKAPH6tVpztjMyBYixq416JywNPprDiec4feCkooGWjWDYYpWyep6nObWLzDROI3Xy0xA%2B3gc5lYxfihxFfIUro9RYw%2FnYEig8Tpe3ynCQq"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64afaa19273-FRA

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v15/ 12 KB
12 KB 43ms
16ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 16:48:34 GMT
x-content-type-options: nosniff
age: 292880
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11796
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:47:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 16:48:34 GMT

GET
H3 200 Ryan-Naraine.jpeg
www.securityweek.com/wp-content/uploads/2023/01/ 34 KB
34 KB 22ms
21ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/01/Ryan-Naraine.jpeg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 729f587a1a4059745b0a4a20223ad378acfae8953a39209bb47fca09fb86fd80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 394302
cf-polished: origSize=35816
alt-svc: h3=":443"; ma=86400
content-length: 34661
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-8be8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ImrKVIXNFAZnv3%2F2KZ0ygOEOOnhATHvDq9aB7%2FC2NAElgPTrnHgDuWx%2BWKZuov6HE5UJUtm%2F1vLMHjYTRD%2Bz8GmE1mVgvXjkOE5VeCSBk%2Fz2eipXXY2lePCKGHUmVFTBzYUM3%2BQu"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b1aae9273-FRA

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffEDBGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v15/ 10 KB
10 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffEDBGItzYw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e59456a560f58d0b6b7934bfc06e0b2faee5d61e2bdb10eef541dd66bfebe0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:48:35 GMT
x-content-type-options: nosniff
age: 375679
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10444
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:44:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Jun 2024 17:48:35 GMT

GET
H2 200 HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 20 KB
20 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 15:23:50 GMT
x-content-type-options: nosniff
age: 297964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20200
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:28:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 15:23:50 GMT

GET
H3 200 Matt-Wilson_Netography.jpg
www.securityweek.com/wp-content/uploads/2023/01/ 37 KB
37 KB 32ms
31ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/01/Matt-Wilson_Netography.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8dbf228fd3b96810997d6d3e8b9e55e4b183cf9e3c8abe9407fcf1ad58a6979

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 149320
cf-polished: origSize=40707
alt-svc: h3=":443"; ma=86400
content-length: 37815
cf-bgj: imgq:100,h2pri
last-modified: Tue, 31 Jan 2023 01:45:27 GMT
server: cloudflare
etag: "63d872b7-9f03"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3SS4JNTJ1wKrhgkzzSRoStzDzf6FKNzofWCCzl6ypB8tZo6FVZd4vzwSWd0iKsexMz8wD3tn2oMb64HS6%2BYnxfKCO4%2BwR1TsdH%2Fanp1jD%2FGt%2BOOg024E3tkP9GeHJD3c1Fd7WWlO"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6acd9273-FRA

GET
H3 200 Marc-Solomon_Bio.jpeg
www.securityweek.com/wp-content/uploads/2022/04/ 18 KB
19 KB 41ms
40ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2022/04/Marc-Solomon_Bio.jpeg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36380ba65c78f1e8a6ee7fd115d7053e7e0ba33f4a5fa1c79d05042fc5db85b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7750929
cf-polished: origSize=19258
alt-svc: h3=":443"; ma=86400
content-length: 18824
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-4b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EK0dDDXiHjdhYk5zmbLunOVjW2EOexRhDkvC2th%2Bs9VVyZeTmiZLo1ofjAN%2F5zNEgbqo7DhI2B1lOs2d8oXNuIlnjzEGzqFu%2F4riBMHOammWqi3EUVPgFRK0jeA42vSHYr628mvt"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ace9273-FRA

GET
H3 200 Matt-Honea.jpg
www.securityweek.com/wp-content/uploads/2023/05/ 55 KB
55 KB 33ms
32ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/05/Matt-Honea.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d7fe1edfe0835429f5f50fa1b03e99bbc8a49041cab3e8e2066381986a253e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 742250
cf-polished: origSize=71346
alt-svc: h3=":443"; ma=86400
content-length: 56173
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 May 2023 01:30:30 GMT
server: cloudflare
etag: "6459a236-116b2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhwLGnmtiQNykhaYqkLAbZXz9PP8BK8NE7XUdRfc2lbu6qjxKB0SmpBIyJlNLPWIbPvtEfSlI6HYm2K8IT4QQlydenSXi7vEGMl6fDldq2xPdnejLJcXix2FNheDqPexMIZranuU"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6acf9273-FRA

GET
H3 200 John_Maddison.jpg
www.securityweek.com/wp-content/uploads/2023/01/ 21 KB
21 KB 19ms
17ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/01/John_Maddison.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b749080eccbba106c6b963a2a605a8f07f24d53d0fff888668a26347ef79e0a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1079812
cf-polished: origSize=22567
alt-svc: h3=":443"; ma=86400
content-length: 21507
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-5827"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwHcdoIE1XBkNOE3urX03O8Q6kP7oq5u5veGvRagir%2BUtBGs0wxnnJtgaIRLIO%2FSU5W76LjFdhKbWmvM48paZVsYLJNWqDKt9Maa7V1o%2B72x%2ByMBpHk31%2Bny1MgvXssi1GwqS4kh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad09273-FRA

GET
H3 200 Josh-Goldfarb-F5.jpeg
www.securityweek.com/wp-content/uploads/2022/04/ 48 KB
49 KB 19ms
18ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2022/04/Josh-Goldfarb-F5.jpeg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f84d0f2e23ebc9a3110529d50b9f83e99068e754b20c81ff8fcf7f078503aa0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1148998
cf-polished: origSize=53022
alt-svc: h3=":443"; ma=86400
content-length: 49605
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-cf1e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wRjMZkFjP7EcZUWDPxLGS9rqC3bRcz73Ds6%2F6VlsZ%2BEQAaoNQz4r7wOFTPRle7js4es6tvLD9clBk2hxOuS6dwdPe6c7mqgU7itxxbWU%2F7nnakrTGQy4ac91U%2FhrqUCwbzCWecb"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad19273-FRA

GET
H3 200 security-week-post-3.jpg
www.securityweek.com/wp-content/themes/zoxpress-child/assets/img/posts/ 28 KB
29 KB 20ms
19ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/assets/img/posts/security-week-post-3.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ca4a11275a23a206f19f1198085c7e4f7aab8e1e548142e0139075db8e4bd08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 681273
cf-polished: origSize=32072
alt-svc: h3=":443"; ma=86400
content-length: 29148
cf-bgj: imgq:100,h2pri
last-modified: Tue, 31 Jan 2023 09:20:54 GMT
server: cloudflare
etag: "63d8dd76-7d48"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=maKKWussLNysvvibx3l8hwtmkrLa7mxcUhGU0yDB3Xk0BKHE0hoB%2BfRiGRAj1tpC1vcibPCD634ye5D2oCljs6THUsmNFjk6DOOnYoivZ7KuEfcj9lEutBVBAVH9mJvgX64%2Fbakd"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad29273-FRA

GET
H3 200 security-week-post-9.jpg
www.securityweek.com/wp-content/themes/zoxpress-child/assets/img/posts/ 30 KB
30 KB 37ms
35ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/assets/img/posts/security-week-post-9.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f9a67517ecfcb0be94790de37e8716ba1234d0d1588cd5032267d3dc3570ca7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5088713
cf-polished: origSize=34588
alt-svc: h3=":443"; ma=86400
content-length: 30269
cf-bgj: imgq:100,h2pri
last-modified: Tue, 31 Jan 2023 09:21:03 GMT
server: cloudflare
etag: "63d8dd7f-871c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NaYldD9qUN0X9L9X7THbSb6b2ZEWlIGwkDEXmqyacRQDFMLXNzTOL6PaT0QJChnD65pdgF7cyyIB2uidxcbWcX0gxuXPRFILkmK7BUsa%2BLSEmSdXwTUhEJKYK%2BFAfsTFQuiL1Qla"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad39273-FRA

GET
H3 200 ChatGTP-malicious-use-600x337.jpg
www.securityweek.com/wp-content/uploads/2023/01/ 33 KB
33 KB 39ms
38ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/01/ChatGTP-malicious-use-600x337.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c75a31e3f6d090c275a06c437a95f40b8466660ba22a76fa7baf5d0a8c5e667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7327094
cf-polished: origSize=37352
alt-svc: h3=":443"; ma=86400
content-length: 33337
cf-bgj: imgq:100,h2pri
last-modified: Wed, 25 Jan 2023 15:57:48 GMT
server: cloudflare
etag: "63d1517c-91e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZzOYmTmqDHFfCB917yAmlL9DoWrr%2FrXDZhE3BM%2BPQl3UXKu3wKIfYlyXR79LitWoIcrGbOEj4EBY6mSoCyGsl%2FBmWaHlaikmr4O%2F4cAMXKAzeDbdzwvoquENx5U8RIp%2Boj4zqs7GoNt1Ueph%2Fsl7a6eN"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad49273-FRA

GET
H3 200 Supply_Chain_Security-Insights-600x337.jpg
www.securityweek.com/wp-content/uploads/2023/02/ 32 KB
33 KB 40ms
39ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/02/Supply_Chain_Security-Insights-600x337.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c54a59e40672f3e9158d83ce46b4546b4773cf9057289a077deafde1549fa2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 924947
cf-polished: origSize=36289
alt-svc: h3=":443"; ma=86400
content-length: 33096
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 Feb 2023 03:21:29 GMT
server: cloudflare
etag: "63db2c39-8dc1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0yC8cOMyqS1vIiq4M6BDGDKRturSaN7ZX9XVjaIIv6tJeCSSdtvibnm4WGdjNiDQh9lcBEhzhSfpRJh%2FavB%2FyJ4ZO%2B5MbibqNoByga8GAs2fV9jUIqsDsNeIfc7YewsbmfR7AhBB%2B19By4UdiZLJ0oT6"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad59273-FRA

GET
H3 200 Microsoft-Building-Logo-600x337.jpg
www.securityweek.com/wp-content/uploads/2021/01/ 63 KB
64 KB 45ms
44ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2021/01/Microsoft-Building-Logo-600x337.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cfdb39bb3eb13db74321ecda02848dfe1ac333ddf2d4fde72459c7860fc808b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4453436
cf-polished: origSize=73465, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 64731
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:16 GMT
server: cloudflare
etag: "63cf8584-11ef9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WA11RbZoFTlDNCmP7NY41O5lGKlA2evfqQKVYarXrkEVj%2Fsq6Q6jHLL5yXFd1X47HUi46qWFKb6M15u8%2FBgSiXX7bvz6ovjA16zWyaM1GHydngqc%2FNjtXB6sg2P8R3cUt7dxvU7r"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad69273-FRA

GET
H3 200 Apple-iOS-macOS-Patches-600x337.jpg
www.securityweek.com/wp-content/uploads/2023/01/ 17 KB
18 KB 42ms
41ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/uploads/2023/01/Apple-iOS-macOS-Patches-600x337.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30e4e62c03cf6890643d49d4329f94513b6536d9127ee8f31e2e1d92f3235f17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4453435
cf-polished: origSize=20225
alt-svc: h3=":443"; ma=86400
content-length: 17707
cf-bgj: imgq:100,h2pri
last-modified: Tue, 24 Jan 2023 07:15:15 GMT
server: cloudflare
etag: "63cf8583-4f01"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g8O9vF9hPPKhnkhYzdiyPGqS4nh8gV0yqw%2Bdld%2BhWGSTmQhFQHhgOWZ7tiVTT2YyT1rXAdIvkjwmtGLx42F9SpoZTyOV65jWfzJSDtDN3TzAwyOKcyrN5Li1QZbMR6H4FmALeQO0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad79273-FRA

GET
H3 200 security-week-post-5.jpg
www.securityweek.com/wp-content/themes/zoxpress-child/assets/img/posts/ 84 KB
85 KB 44ms
43ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress-child/assets/img/posts/security-week-post-5.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e46703792f70be4c48661281c43ae7bc4e87cf7301e701fcdf3ecd813633ed3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 681273
cf-polished: origSize=89692
alt-svc: h3=":443"; ma=86400
content-length: 86454
cf-bgj: imgq:100,h2pri
last-modified: Tue, 31 Jan 2023 09:20:57 GMT
server: cloudflare
etag: "63d8dd79-15e5c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0wrzg5FudRaZjM%2FRVVtKbt3k4YcRaNKGcHbYuvrzq8TD3k13z2WKKFLwtEbV3hah3%2FTSFXEuzVX0679TRNnMsykl%2FLCt%2BGgYiCIJB%2FmN8mEOrBRabEZv3MGTJjObdLC8lCB3SjK"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b6ad99273-FRA

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 19 KB
7 KB 61ms
42ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
server: cloudflare
etag: W/2023.4.2
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7da8b64b8d32381a-FRA

GET
H3 200 mobile-detect.min.js Show response
www.securityweek.com/wp-content/plugins/popup-maker/assets/js/vendor/ 38 KB
17 KB 63ms
56ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/popup-maker/assets/js/vendor/mobile-detect.min.js?ver=1.3.3
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebd21fd785e33300ae6571194031810c2e87373fb139b681888b2423d78a562b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 14 Jun 2023 19:12:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 540566
etag: W/"648a1127-981e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6F8xCcgRI39W8jdz34VAMx2x%2F4jFeRu0J1dY%2BYZ0DRQJek2Hf7XczAV%2FoUD95UZlq8PvIYB6XEzIXOnxiZ0u07KgdIa7XlGLSvM0oVvPaFZzn4mtc54%2FBxtyv1PWsTbsNNumVztj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7ae29273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 pum-site-scripts.js Show response
www.securityweek.com/wp-content/uploads/pum/ 68 KB
18 KB 64ms
56ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1686771112&ver=1.18.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c09f40aa9ac3105f86ea363d58ad2a81f5d5741b810786a1a6291e7dd9d43ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 540566
cf-polished: origSize=69803
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 14 Jun 2023 19:31:52 GMT
server: cloudflare
etag: W/"648a15a8-110ab"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hqpk4AyDkO8EOLUJJfduGU07C39UyMP85qNKhsY3z63GtD%2BtA48jXw8UnouHSqRVjLNFBOCIr5g7TAegUK5b3z4CdIdM3a3kudEjjDCfKEVKhV42QdevflOFXgHoqnDWDKmKySee"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7ae49273-FRA

GET
H3 200 lozad.min.js Show response
www.securityweek.com/wp-content/themes/zoxpress/js/ 3 KB
2 KB 48ms
39ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/js/lozad.min.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4652334
etag: W/"63cf8587-c17"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OpAcpOM49%2F14L1UgjSrsyEDKmh5Rc%2BRUL5d6409jBaS3WySVaZ3B7X%2FLB5tkkXwIBa7a4ABJ67%2FiblMOnj1QjTP6MtO482Z%2BOcRNgS%2BzpTEEX9k17smYOPqeFxBuCg6OnoXB%2Bqg2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7ae69273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 intersection-observer.js Show response
www.securityweek.com/wp-content/themes/zoxpress/js/ 10 KB
3 KB 48ms
40ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/js/intersection-observer.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e71d11284fe33d09fe11d031d1517b0383750bc5dba2faf77e87f42a609a1b68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12608846
cf-polished: origSize=22304
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: W/"63cf8587-5720"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puYf794r8DEDXRmrIfc0bFpt8x9Xlu%2FHoSVissuu1m2rfFsvL4i1LlsSn4Q%2FfBlpTxKLFSybOvwQtUSRvFwhqw3lz%2FN13OSC14L7tprgKrj4FwUJEoECd8mK4tHpGcjeKqyZ4Pqd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7ae89273-FRA

GET
H3 200 comment-reply.min.js Show response
www.securityweek.com/wp-includes/js/ 3 KB
2 KB 49ms
40ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/comment-reply.min.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1799896
etag: W/"63cf8581-ba5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4n1sPc4eUHtiNhnMB9GeqzbuUe19irfBLhLUfOQXiHon2yJOqBLeYvUAqh4Us3n9wck0G1BcImZgqXJy%2FsIN%2BNJ4RxO9spOEBdWKepKFBqO8omydevevRbzOicruJ%2FOJS6YAN%2BCa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7aea9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.infinitescroll.min.js Show response
www.securityweek.com/wp-content/themes/zoxpress/js/ 21 KB
12 KB 49ms
41ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/js/jquery.infinitescroll.min.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 002d4e61d6efae0d93d62d4c12576e427302f32361e675aaffa3691ecd9ae17d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1799896
etag: W/"63cf8587-54c9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cq0q0p%2BOm0N8CALvzX7Xko5snqTxpijw1HAWa07tr61kGK5vlToBP4ltMg9X7RZ6GUljVBPeOVv2nhir6rRYvQ2ZUU6Oweer6xYv5gVfzCbCEQqx9EjLe3TNwpuu7QuEiFvUZIYy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7aeb9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 retina.js Show response
www.securityweek.com/wp-content/themes/zoxpress/js/ 2 KB
1 KB 50ms
41ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/js/retina.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6d935c5494a7d6121e463f319ac4882f805d38989d6dac70ec84a29a203d2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1799896
cf-polished: origSize=3104
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: W/"63cf8587-c20"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2F%2BcTA80O8r0Sp29tfyPnD7xJUNCEix4ijn8yYQrQsysE39zZfB3QUhy75TqhQUNWQyJgkR5jutEHw9JnhJ%2FsLG7dRxqZcd0A8hs27jJ9yH0ndxz%2FJkVCqhVYZExAiIenDuy69r%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7aec9273-FRA

GET
H3 200 scripts.js Show response
www.securityweek.com/wp-content/themes/zoxpress/js/ 73 KB
19 KB 50ms
42ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/js/scripts.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37f724a365094e5859ef50dba7afe3764412c6cc9931a8abd7d9dc85751fd881

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1799896
cf-polished: origSize=113963
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: W/"63cf8587-1bd2b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sk0FWhbksy5%2FdcxkvY2HeDpxTEy%2Bt423aGUBNsb4eDIGY0aeBlb1Z6ar044D%2BPwBf3DYXacF89bcb6Su3Kbj3OSsAaJizYP3h6yKGQWsaJxgd9esWDwiLBtcqlragvSQHRjpX76o"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7aed9273-FRA

GET
H3 200 zoxcustom.js Show response
www.securityweek.com/wp-content/themes/zoxpress/js/ 0
447 B 52ms
43ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/themes/zoxpress/js/zoxcustom.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1799896
alt-svc: h3=":443"; ma=86400
content-length: 0
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
server: cloudflare
etag: "63cf8587-0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqxrms%2FRtq30e5Ul8XahCpaV3c%2FIVk%2BtnjOjGxYOknTkDZBanqItxyFghSsCAg1ncBtRqhC0fPk11%2FTyOLirZBMkNDoft2roH6MKfg79sGhIThdys7lIqy5bhRDbQuvWBKzt9l5O"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7da8b64b7aee9273-FRA

GET
H3 200 reviewer-widget-users-reviews.js Show response
www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/ 90 KB
32 KB 52ms
43ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/reviewer-widget-users-reviews.js?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71a9929c39f7b0020a343a7cd3685ae547fba1f21596f7982ed2c1ded802be03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614922
cf-polished: origSize=92382
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:26 GMT
server: cloudflare
etag: W/"63cf858e-168de"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kaj3EQ8qDZ7tWQ6h7rChx05GcTUzJcxiK4c8ToCanzfkEQEYvQSWQmTuiolnQGnT%2F0F38e%2Ft1rXjCkyI0pRi6V%2FOSi9w7LGymbc9z9aHCdTlW8vJbEmNwiGP5zRm2gA1umo5qBkQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7aef9273-FRA

GET
H3 200 reviewer-reviews-boxes.js Show response
www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/ 131 KB
44 KB 67ms
58ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/reviewer-reviews-boxes.js?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0b1517dc148ec4fdcceacae881103ffa7e54e74c32c7dcde5cdc9826ea735de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614922
cf-polished: origSize=134499
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:26 GMT
server: cloudflare
etag: W/"63cf858e-20d63"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5p0KuidoUX%2FSsyqFVFYqiOfornCG0pJ3VppMjVMU9aOtADQ5axeAlSNwJ%2FAA3QYRYt7OPssnhUc3usFotcRMDDDeFN%2FmZFceE6skD61aEwbuLoo9oMbiLnmxPnq7b%2BCLZPMA4fKH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af09273-FRA

GET
H3 200 reviewer.public.min.js Show response
www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/ 4 KB
2 KB 68ms
60ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/reviewer.public.min.js?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4cd14927179cd88891fae3057a4ce4a7cf499af73f65c3b2e83f32e1598c0288

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614922
etag: W/"63cf858d-e80"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oX5W%2FltpNxxIzEckgxCNow%2FU5arXqmRkILbj85VcweGiJYagn7eZS8U5lEPeol%2FBfZSowwQ4RLkvbU95NJLeikxs1bhRfqYfOdjzvL3oH7UDGtYTYSPONtoTHrAcITU%2FGouaFo%2Fn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af19273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.knob.js Show response
www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/ 11 KB
4 KB 68ms
61ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/jquery.knob.js?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a83f279ffab2866365df78e9244339e46d7752b13e43db75ca5200f9a0ec07e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4652334
cf-polished: origSize=24920
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-6158"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ecn%2BMhaAspFWiTbeDvtJL%2B%2FEvSfb1Qoxy%2BvuXKYZHXgDEA0bUyN2zhXswqss%2BIOhSSVBiHiY8qd%2F%2BAM0%2BRtgnV8emMIbr0QdfMfhYShXopNzBrEygbZa86T2KvPBgDr09oddYURO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af29273-FRA

GET
H3 200 photoswipe.js Show response
www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/ 40 KB
16 KB 68ms
61ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/photoswipe.js?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf01342c724e6c0d84e911d3451b078576a3208c7300378ef80138089e6d79e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614922
cf-polished: origSize=41387
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-a1ab"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlfRqSEc2djOZRgcJ1UTZj68ppiw2dGmhlYXgy2yMw5uUSPIE%2FQiSJI7zIqu3UJJBGrI2WQeNtJF5lWptuvflX8AljGbaJ8Gf6A3WHz44dFF7ekeeUQwxEdggY9GAOlZ1JnoeNh7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af39273-FRA

GET
H3 200 jquery.nouislider.all.min.js Show response
www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/ 18 KB
7 KB 52ms
45ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/reviewer/public/assets/js/jquery.nouislider.all.min.js?ver=3.14.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbf94e5438333ae008e9b742cf1dd74dd310f7385ebe6f9ef4fdc82976de34a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614922
etag: W/"63cf858d-466e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFCy7OL3l6QQmcV5Gr7V0kAjSONJCNjrn0%2BK%2BOkSxvTt3Ad64s5dWhaCSqzL28oL6fde1%2B8g1IqAZgg2cjOIg03KneEexde%2BfGhhCfnDWjusScXSpqOcaoUQPBepnouh1tAm6n6q"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af49273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.waypoints.min.js Show response
www.securityweek.com/wp-content/plugins/zoxpress-plugin//scripts/ 10 KB
4 KB 53ms
46ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/zoxpress-plugin//scripts/jquery.waypoints.min.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42656c5a534309426b3c5452b07c4013df29165e754e36e51d724ad962bebc1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1799896
etag: W/"63cf8587-28ee"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFThmHrf%2BZUqTmHhQ922oygc3Q4Cu1shfigyDKtC%2BjvghHI%2BY8QG2Am2SFiIiClndDIuIlBK0qfAgk%2BTORX9Aet6sSJ2KqmqFI%2FqCs9ebRYzEWUvfqbsg%2BCD%2FjsdjKjQ0qXU1v5S"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af59273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.sticky-kit.min.js Show response
www.securityweek.com/wp-content/plugins/zoxpress-plugin//scripts/ 3 KB
2 KB 54ms
46ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/zoxpress-plugin//scripts/jquery.sticky-kit.min.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e8230f2d1e6e230d63f5bd3091ea092eb8d1f447b5f6c84c5b776cf4f50a65d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1799896
etag: W/"63cf8587-aee"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdAckX3piFsHZq54Zt3YYVM3JFXKWvvASonCQMiTWp5nrOOYORot5F2dPfbsllz1H1r5QlJiDJfwf6iPnv3RCUcFM%2Fxrhr9OhUe9%2FJJEhjk2ghkRiyu3cE7CuPMWXE%2B5WvkLrV4W"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af69273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 authy.js Show response
www.securityweek.com/wp-content/plugins/wp-2fa-premium/extensions/authy/assets/js/ 6 KB
3 KB 54ms
47ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/wp-2fa-premium/extensions/authy/assets/js/authy.js?ver=2.3.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7b4f4c6aced0be2cc9004285b53f58cf62f74012a321e86938f12719fe1113a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614921
cf-polished: origSize=8883
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:20 GMT
server: cloudflare
etag: W/"63cf8588-22b3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SJnf5D7tw92FCx3stoGwEs5ubeygnh7S6Chd1dM2%2BvgYdJ6NABDaAwKzHdn2xzf3IXWBMsolFa32b7h9%2FynFAwBYYSJONbvaxdU6yVPbfeoHqPIWx794aEySUmwIUWh7XGTd911d"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af79273-FRA

GET
H3 200 intlTelInput-jquery.js Show response
www.securityweek.com/wp-content/plugins/wp-2fa-premium/extensions/authy/assets/js/ 42 KB
14 KB 54ms
47ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/wp-2fa-premium/extensions/authy/assets/js/intlTelInput-jquery.js?ver=2.3.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e423a106197def7cbfe1ae2142caf48a39478ddfd3e4e81b7cb033db5bea3c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614921
cf-polished: origSize=85819
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:20 GMT
server: cloudflare
etag: W/"63cf8588-14f3b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0vzNoO4FCFW8RarOt%2FENAcVwk16aYdgC%2FXQKDLA49w92pz1oRiJpU0b%2BzBCAeoy4V1B257kLokCzvvTCMPLSs0zKDJWHVrQ2M%2Bxjohm9m6gu12pOqFv8i1AIUARKX80IpJSV1h5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af89273-FRA

GET
H3 200 dialog.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 13 KB
4 KB 55ms
48ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/dialog.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afa9c32be463f8f904da58a52ffdd8e60d68273959cae633bd89efbb27fa5b64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614921
etag: W/"63cf8581-329f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KCf%2Foz5o7myLhnArtiiJGuh1v3vfOeDWEEbqFI8hwwwPh2XQM6k2gDn%2BhPxMBY18SIAIDB2s%2BH3ervHXwUVDNbznCmPhnwb%2ByI1aPWvyaizGq3D4oVOr0KyHat%2B0zd32nU4ldy6J"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7af99273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 button.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 6 KB
2 KB 55ms
48ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/button.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2793a7736c4421efb5ec1f639c9b19a081a6b7a91097d4459149fab67c47b9ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614921
etag: W/"63cf8581-17fa"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8TduYYKN5YZni%2BFxh71foLe9wEB6ww%2BcJriqiXwEHdPEkwSJhXgb6w0OPqJCefsNapV1p4Hf%2FTdtQdQ4WgzD%2FmIVyRgJg3CiMa%2FvWvm6EVupMrg3RPQGKjAtSHpcYTcj0omQGuY7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7afa9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 checkboxradio.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 4 KB
2 KB 55ms
48ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/checkboxradio.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2f925db6119917230e885b016055a6a324d33b10585d5c7f106665ec157754e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614921
etag: W/"63cf8581-10d5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RgqgRevSC0SDyGYdTWD2Bldz7iUnTn%2BHolHqqg56dSF0uQtr6Mu4IVgvz4R%2FIo1tCS%2F%2FMXklefqiZjug2W7h6gRLxpoBFuKU1B2QqUXRu6uSXO1pYnBzS7C5HOD7em9Dm8LOLCr3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7afb9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 controlgroup.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 4 KB
2 KB 56ms
49ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/controlgroup.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da343c70bf28bee6a1a9238dd5147b190b675a523e525e9a52b2bd9aaf48e4e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614921
etag: W/"63cf8581-1126"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMss73OM4HxrLv1NicWMy0XTUdRoGxofP80Pc848S2X%2F1FHtcqp74PTqFPo8ZCJSGuTVHZleG%2FQWZn%2B7o5DIvEEzptHxZBIRyaJ1IczZLMCletfWYnNA3wP5AgFJJWWox4FfkiT7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7afc9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 draggable.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 18 KB
5 KB 56ms
49ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cea32499cc55e5232ec287c438644afef28297f4248958ee32906dd34ae5f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614921
etag: W/"63cf8581-4794"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o8IQb%2Bh5rmQwdi8kx2EwmTK8xi30Ty2zqyonSfR6%2FSAYSvOU7doHmB6kYLowJ%2FdfUzhFvobq6T8P%2B2mMAovXUHodzram8KaYtJRHyOxGrVrdV6CNEifjIUcOwctCPlLpilNDq1Ev"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7afe9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 resizable.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 18 KB
6 KB 56ms
50ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/resizable.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 706e4d8669d29a9e13cfb13a59b6c1341ec80a08c9c10eaa465756366006f327

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614921
etag: W/"63cf8581-4911"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wBhjAeDq3GbdTo1MwGdU1vJmdbP0rx5nVvH19zvs4gdsAy06wu2K3zVPb4HEk1N1jqzoxWvLmWnxRf7Kq8aqGBY56IvYwRHBmw7hoA2e5F2CDEXy9FG9nieuapiKq3yFjWlEgiX9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7aff9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 mouse.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 3 KB
2 KB 61ms
54ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 809ec973a018b6bf8ac18e74bfffc3d25182e6f44df00128d531cf3e07570ee6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 8914743
etag: W/"63cf8581-d4a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5LoAXEv%2B8iBqmtn%2BAq4oarFQxzUZ%2Fmuc%2FnCJuxjvTHWeZl51Vi%2BKglZZmgZyt90Nw3ZsNRunHpzEWrTeGCNqyLoI6XQvRirLCGlwgC1CDsinW%2BbXSMKZJpe83tZGK0THYFFbwa3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b009273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 core.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ui/ 21 KB
8 KB 61ms
54ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Apr 2023 09:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 431056
etag: W/"642d3aad-53be"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=19kDRixVtSC6nt4tgfybaSTGBr3O6tfimMKqdjJsCMb9d686NoHW5NH5AoQVmFafPoVQ%2BCLmH1kNvVsIQI6vVT9%2Fikr5npTcdN9dAk0J662mAh%2BtLgyhHqPOLYAzbt4VcSxq9rM1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b029273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 main.js Show response
www.securityweek.com/wp-content/plugins/theia-sticky-sidebar/js/ 341 B
676 B 62ms
56ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-sticky-sidebar/js/main.js?ver=1.7.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7c860a1505343bc4dc80a473bfe23f625da447d71af4db67b529065295d5171

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614921
cf-polished: origSize=435
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-1b3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DmQ5cmNyozsy%2BDnybKCYmJ1SeBBNbNv65S3PLyys1dZMciW9yRCryAC4w%2BOQrm9yYMGITIU9HXeTXRLeCTTsF5xj%2BdyYmtw8LuZo%2BzHBwoxzMfumRbmN8u8jIleqgQ1ehw545Bky"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b039273-FRA

GET
H3 200 theia-sticky-sidebar.js Show response
www.securityweek.com/wp-content/plugins/theia-sticky-sidebar/js/ 7 KB
3 KB 62ms
56ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-sticky-sidebar/js/theia-sticky-sidebar.js?ver=1.7.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1ad56a192cfb796852af711e1326b02a9af338326a60fe291ca65fe8763ddda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614921
cf-polished: origSize=15926
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:24 GMT
server: cloudflare
etag: W/"63cf858c-3e36"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1bGoXToC%2BXr%2Bu3TFDaT3RPnt3VeEkR%2BfcpchJ4Z3ytmG00B2T%2BqIrFor1L2fYMSqZa%2FF8Qaca9em933diPROw7IIkF7r18vGiIR%2FdH2rImuxFMLKmi8MyUKZ9g5a1r1qbK48ULAR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b049273-FRA

GET
H3 200 ResizeSensor.js Show response
www.securityweek.com/wp-content/plugins/theia-sticky-sidebar/js/ 3 KB
2 KB 62ms
56ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-sticky-sidebar/js/ResizeSensor.js?ver=1.7.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb4bd4419d686ab440d7ceb2101dcd4155b4f18a12c99052a44fb503c349afed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614921
cf-polished: origSize=5955
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-1743"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2B7bs7R36hwDki61x%2B81AwS05gyQ2XuE8fpZ%2BiCvVwXuRUdNlct5rbKa2h0WThOELGWyzGGg0OZZPSoS7EbjWVqYDbDN1PcqlUIMr7gfjfGlwerG5J3fvmJAGsglqt7ZWMr8NZSq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b059273-FRA

GET
H3 200 security-week.js Show response
www.securityweek.com/wp-content/plugins/securityweek/assets/js/ 362 B
696 B 67ms
61ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/securityweek/assets/js/security-week.js?ver=1.3
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35fa213f71b954999771aef54be9c8a4c7d793353ea3f575cb116d00dd58f2b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4652334
cf-polished: origSize=608
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-260"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJvOpmEIJfNWH1hyzZOU3t7EvAyi8pCTcs8yEhgxlHOcxaEcLpf%2FkE7fXaxid353jGxvuJPhnPnGNcCkZuSwmM4OKmh9LS%2Fsrv3NaC9XThzKfNghHHj0%2FP4knGwi4w4wfiLfXu4X"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b069273-FRA

GET
H2 200 5319632.js Show response
js.hs-scripts.com/ 1 KB
1 KB 682ms
394ms Script
application/javascript 2606:4700::6812:863b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5319632.js?integration=WordPress&ver=10.1.23
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:863b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42d2334a37c0822debb6349ad11fc5ad53f639f59c0819c85bf32a43bb0d9673

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: br
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 40594e55-c35f-49c7-8f23-7d81b967d3dc
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 33cc633c-f698-41c1-b307-d6b96046b8a0
last-modified: Wed, 21 Jun 2023 02:08:14 GMT
server: cloudflare
x-trace: 2BF9483AE0D04D5906F6C276DECFA8E98770C22093000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.securityweek.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-598c95b5b7-z9vjn
cf-ray: 7da8b64d3c8d371c-FRA
expires: Wed, 21 Jun 2023 02:10:55 GMT

GET
H3 200 comment_embed.js Show response
www.securityweek.com/wp-content/plugins/disqus-comment-system/public/js/ 878 B
866 B 67ms
61ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.23
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60631ed8f1dfa6713ff9e30fec41786aadc477c0cac5a75dca66b5a49f76b901

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4865883
cf-polished: origSize=1232
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 25 Apr 2023 18:24:46 GMT
server: cloudflare
etag: W/"64481aee-4d0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=71rnW3nC%2F%2FdQCVwfhr0ycnpxlpF9onvz0NBtia0G6DnCfwbBcbttLSszuBy2WcKOCiAivrT2dO6blOF1w5J0ajpgWTXGO7OWey8d0lOahVSy%2FzTTDFiPxSDGlxoVw4JtfEzdm0jlFY2J6SF25o8qEptM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b079273-FRA

GET
H3 200 comment_count.js Show response
www.securityweek.com/wp-content/plugins/disqus-comment-system/public/js/ 708 B
875 B 67ms
61ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.23
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4865883
cf-polished: origSize=889
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 25 Apr 2023 18:24:46 GMT
server: cloudflare
etag: W/"64481aee-379"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMAsXE4qzb78mkVDM5lt%2BKKUNvf%2FosnnrGm0p7lw9gvGLqeEYhKzZ0mOjj85PZkJ54W3uaRQ1zdDln8ydmeDvUe1ypvI%2BAZfWJ%2BG8dtQH8v9XRkA0XyrUUOiDFAv4iYyIwcaRvyQ33wAC8NbG22qtFZF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b089273-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 254 KB
87 KB 76ms
39ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-9QV8NZWNBC

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

89346777ce7c6f26210392c9b07bc408233e16fefe02d4402a10dddc2e074555

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88724
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 21 Jun 2023 02:09:54 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
26 KB 305ms
23ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63cff890e621a5082c7f3f4b29efc9d623227bee235bda3884d058013ec6aba7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26514
x-xss-protection: 0
server: cafe
etag: 968 / 19529 / 31075400 / config-hash: 1544050516619323650
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 21 Jun 2023 02:09:54 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 173 KB
64 KB 63ms
26ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-11590534-1

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

46e29ba0653b5e94e76889eee60f21f26035183a904687ad5e902ad870f261a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 64665
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 21 Jun 2023 02:09:54 GMT

GET
H3 200 wpp.min.js Show response
www.securityweek.com/wp-content/plugins/wordpress-popular-posts/assets/js/ 3 KB
2 KB 67ms
62ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=6.1.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a3d1f5824ad4bd991a67acab64088920e43d25545ca6b4cb78736dc35b696a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614920
etag: W/"63cf858c-bd7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZksPkMQqpD8lu8oEze7ZK1MbX1VXXuP4hbQ2qWe2CjrFGwVdeCt%2Fpdz%2FZ80HBooxQnJOvVDA6jnljvgnXNK716YKMXaOO2%2B7n%2BHvyBW5auUL1R9BOJfySQnRF6%2B48eWo3Jh12iL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b099273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 tps-transition-slide.js Show response
www.securityweek.com/wp-content/plugins/theia-post-slider/js/ 2 KB
1 KB 67ms
62ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-post-slider/js/tps-transition-slide.js?ver=1.15.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f50b7e2dd83cfd38b606d2eb70bcb99dd4d4c462295db0baecaeabe7812e8f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 705860
cf-polished: origSize=3219
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-c93"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYmb1WxltUlmSk2dj6Fd2iGt5Q%2BGzTNfENgntHI%2BcPlua3RrDfG%2BROQWlxJFnKZvuO9jl4VFG8cTBJoZRuAhBMlFxBA9OfUR%2B2ip8YVEQC3VwyJFBIiEfSfsLPnapHLtfteu2S9E"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b0a9273-FRA

GET
H3 200 main.js Show response
www.securityweek.com/wp-content/plugins/theia-post-slider/js/ 707 B
820 B 67ms
62ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-post-slider/js/main.js?ver=1.15.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2914edb33157588c8d440c36f1ea06652c133febd1719a344d79d078ec6c41a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614920
cf-polished: origSize=1036
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-40c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UOeaAKZxu2eis8zqwPOl%2BAegeYMUrf%2FnhY1xQLOJ2r30cCL1q%2FcuF6DF%2BhZcf6n7i2kGNhkxPnv3O7QI%2BSXXgANbY%2Fj3%2BnhKQD6RH%2B%2BFD%2FHSU63OXvBJZ1mYrx9w0j3iZCfZ5za"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b0c9273-FRA

GET
H3 200 tps.js Show response
www.securityweek.com/wp-content/plugins/theia-post-slider/js/ 17 KB
5 KB 67ms
62ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-post-slider/js/tps.js?ver=1.15.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41514feeb38f4f3d0fcc41d00d04c744e0e534930b030ca6efc0eedb892022ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4652705
cf-polished: origSize=35644
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-8b3c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDImQTDymAxN9C%2FyZEK1sAn9hb2rxZNqgq2vXSlRXAkTn96s3ODbY5uE2JHhpGIiZljObxybRmhEUPR6E7IiT%2B63fNhB5%2BR4cOO1JDGN2xwT5QFWicxvozIZqBHrvO09JKz7apO4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b0d9273-FRA

GET
H3 200 async.min.js Show response
www.securityweek.com/wp-content/plugins/theia-post-slider/js/ 11 KB
4 KB 67ms
63ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-post-slider/js/async.min.js?ver=14.09.2014
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42f8505b4b6d5476091672c8ebc27d1ed2b9d21a68890145135578a6737ef053

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12614920
etag: W/"63cf858d-2c43"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KZmhXHZdWxpBL0iz%2Bl9Kuh1dOFUFGJCf%2FkR1f0kY4uwzgRS47JkhArpkrmsRw2UG5lNzmuO1MjDRs9KtmeatgpAMPUp%2FJ6O4DBHHfWCZbDIQCK5cnizJ9aJZyvtDxp4VmTt7I5%2Fy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b0e9273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.history.js Show response
www.securityweek.com/wp-content/plugins/theia-post-slider/js/balupton-history.js/ 22 KB
7 KB 68ms
63ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-content/plugins/theia-post-slider/js/balupton-history.js/jquery.history.js?ver=1.7.1
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c54ab568b73e88af409e7615e9c6730d701234ebe9d64b131a08fccb0bef3deb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12614920
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 24 Jan 2023 07:15:25 GMT
server: cloudflare
etag: W/"63cf858d-598f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6aFYfC1O35237xOnZLjxipiiTOFpjen%2BqL5PbpW5M1Sq5mQ5yMM6esocR4sqWzyavGhhKk2NE7Bckwy3qzdua68SOmfdtzkXoNqtiW5HJiPPvvbxLbV%2B6%2FmYroOtJ4mFF6PXheak"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b0f9273-FRA

GET
H3 200 jquery-migrate.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ 13 KB
5 KB 68ms
63ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Apr 2023 09:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6627415
etag: W/"642d3aad-3470"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lovANawOXJzqJbFGbbws97IkcxnfjvyH8Rec%2Fh90TAuUd9FKU6J5sDAeWNWdqLJM8eEWLscSHZQn3mocLdBRD4jPsS5EMg38bkJaqzqoXq3VjgDXPfjN%2F6zLrvaQCQosKR6H6wZb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b119273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.min.js Show response
www.securityweek.com/wp-includes/js/jquery/ 88 KB
32 KB 68ms
64ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Apr 2023 09:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 414716
etag: W/"642d3aad-15ed7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Kv0Bpo20tV%2B8GfthFCGImBQTTHPDu8KlcRfFNxFgL6BwNtGkFEgNhnernVhXtFj82S3syzA9h0GU890PdTDyiYsH3oF6UggYsrc7D4jN0%2Fw7Wy7l1pUDvsCZs4Yg%2FSxdSeGYjzy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64b7b129273-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 wp-emoji-release.min.js Show response
www.securityweek.com/wp-includes/js/ 18 KB
5 KB 21ms
21ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 Apr 2023 09:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1799895
etag: W/"642d3aad-4904"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCFObmabbVn4x2OfCoePzZMRWsylmRlx6HDaVRnBPCoPSJYjlaZEQmWY6oJv07jozUxEQk%2BLVhGcuT04tKJSdmtOO64ueXWoPhbTgZf4fcH71WOj4AOPVzKujSlawT6q8Ir%2BqEeS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7da8b64bfb429273-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 app.js Show response
ads.securityweek.com/ 67 KB
13 KB 58ms
9ms Script
application/javascript 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.securityweek.com/app.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: 7d9b7ee9ae860b2f27e08578dacc166269ab838417994fb62c568ff40245b5a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
last-modified: Fri, 17 Mar 2023 20:55:24 GMT
server: nginx
etag: W/"6414d3bc-10c8e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
expires: Wed, 21 Jun 2023 02:39:54 GMT

GET
H/1.1 200
OK count.js Show response
securityweek.disqus.com/ 1 KB
2 KB 48ms
9ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://securityweek.disqus.com/count.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.23

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=300; includeSubdomains
X-Amz-Cf-Pop: DFW3-C1
Age: 36
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Jun 2023 13:59:13 GMT
Server: nginx
ETag: "648c6ab1-367"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: FFcYD7EaUIk7h122BmK8V3HZQ8Mg5u5oJJ_GEgV2Q53Zc-1gbMCjwQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
86 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-M1YM36C8RW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-11590534-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f440f457a683e6429e2915673843aaed6837e8691dd1a6e6140bedc848cd8847

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88015
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 21 Jun 2023 02:09:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 37ms
9ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-11590534-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Jun 2023 00:35:22 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 5672
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 21 Jun 2023 02:35:22 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
258 B 52ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-9QV8NZWNBC&gtm=45je36e0&_p=1282409227&cid=420308831.1687313395&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1687313394&sct=1&seg=0&dl=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&dt=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps%20-%20SecurityWeek&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9QV8NZWNBC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securityweek.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK embed.js Show response
securityweek.disqus.com/ 78 KB
25 KB 18ms
10ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://securityweek.disqus.com/embed.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.23

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

b0096241d1705380fee10a013af1e0dc924066551fef883ec96b0b7503c81ad2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:54 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
Server: openresty
Age: 100
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25395

GET
H2 200 ;ID=179018;size=970x250;setID=593294;type=async;domid=placement_593294_0;place=0;pid=7976325;sw=1600;sh=1200;spr=1;rnd=7976325;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account... Show response
ads.securityweek.com/adserve/ 2 KB
1 KB 32ms
31ms Script
application/javascript 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;ID=179018;size=970x250;setID=593294;type=async;domid=placement_593294_0;place=0;pid=7976325;sw=1600;sh=1200;spr=1;rnd=7976325;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;atf=1;click=CLICK_MACRO_PLACEHOLDER

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

76e0c53e6627c3cc0846a14e7c40f8d5d550ae674df4358cb7b728a5d4e6de07

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: application/javascript
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ;ID=179018;size=300x250;setID=605204;type=async;domid=placement_605204_0;place=0;pid=7976325;sw=1600;sh=1200;spr=1;rnd=7976325;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account... Show response
ads.securityweek.com/adserve/ 2 KB
1 KB 30ms
29ms Script
application/javascript 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;ID=179018;size=300x250;setID=605204;type=async;domid=placement_605204_0;place=0;pid=7976325;sw=1600;sh=1200;spr=1;rnd=7976325;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;click=CLICK_MACRO_PLACEHOLDER

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

49cb5eebaaf72aa1db4742d8baa9aaeceafd720fd9ded2a97cc507b3c74b702e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: application/javascript
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ;ID=179018;size=640x480;setID=479628;type=async;domid=placement_479628_0;place=0;pid=7976325;sw=1600;sh=1200;spr=1;rnd=7976325;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account... Show response
ads.securityweek.com/adserve/ 2 KB
1 KB 26ms
25ms Script
application/javascript 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;ID=179018;size=640x480;setID=479628;type=async;domid=placement_479628_0;place=0;pid=7976325;sw=1600;sh=1200;spr=1;rnd=7976325;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;atf=1;click=CLICK_MACRO_PLACEHOLDER

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

a359b0899d6b0f2a149f19bcab1eb81aacb9b4751dba27692c18200b2f6ce0d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: application/javascript
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
210 B 17ms
16ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1282409227&t=pageview&_s=1&dl=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&ul=en-us&de=UTF-8&dt=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps%20-%20SecurityWeek&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1226850956&gjid=938627375&cid=420308831.1687313395&tid=UA-11590534-1&_gid=1840818092.1687313395&_r=1&gtm=457e36e0&jsscut=1&z=2049008888

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securityweek.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securityweek.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 15ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-M1YM36C8RW&gtm=45je36e0&_p=1282409227&cid=420308831.1687313395&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1687313394&sct=1&seg=0&dl=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&dt=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps%20-%20SecurityWeek&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M1YM36C8RW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securityweek.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK recommendations.js Show response
securityweek.disqus.com/ 64 KB
21 KB 132ms
131ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://securityweek.disqus.com/recommendations.js

Requested by

Host: securityweek.disqus.com
URL: https://securityweek.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

99aadcfc09927c669749552a47be55e884f5d3444a900bafedc7de6f4a5afe03

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:54 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
Server: openresty
Age: 0
Vary: Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Content-Type: application/javascript; charset=utf-8
Cache-Control: stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21156

GET
H2 200 ;MID=179018;type=e959fb862;placementID=2114926;setID=479628;channelID=0;CID=773887;BID=521099255;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-... Show response
ads.securityweek.com/adserve/ 0
341 B 42ms
17ms XHR
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;MID=179018;type=e959fb862;placementID=2114926;setID=479628;channelID=0;CID=773887;BID=521099255;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;mt=1687313394732440;hc=ee67baafb0f3790aaf2469366851e413813cb897

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ;libID=3866005
ads.securityweek.com/getad.img/ 226 KB
226 KB 6ms
6ms Image
image/png 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.securityweek.com/getad.img/;libID=3866005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: 594a9ae0946c65c5b0d44f36c80bd30e19748d90cc50129910d69642cb80825e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
last-modified: Wed, 14 Jun 2023 19:22:57 GMT
server: nginx
etag: "648a1391-3869a"
content-type: image/png
access-control-allow-origin: https://www.securityweek.com
cache-control: max-age=31536000
access-control-allow-credentials: true
content-disposition: inline; filename="bubble-agilitymeetssecurity-learnmore_640x480.png"
accept-ranges: bytes
content-length: 231066
expires: Wed, 19 Jun 2024 19:09:54 PDT

GET
H2 200 ;MID=179018;type=e959fb862;placementID=2118098;setID=605204;channelID=0;CID=775056;BID=521108524;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-... Show response
ads.securityweek.com/adserve/ 0
341 B 42ms
19ms XHR
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;MID=179018;type=e959fb862;placementID=2118098;setID=605204;channelID=0;CID=775056;BID=521108524;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;mt=1687313394735797;hc=76fd2f194bd8075b05de2348c034bedf10581c84

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ;libID=3869891
ads.securityweek.com/getad.img/ 46 KB
47 KB 20ms
19ms Image
image/jpeg 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.securityweek.com/getad.img/;libID=3869891
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: f465619733ebd6fc099bcd00e2095dc29e6d6c2bce6ba849860eee51cbc2f84f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
last-modified: Mon, 19 Jun 2023 17:40:35 GMT
server: nginx
etag: "64909313-b910"
content-type: image/jpeg
access-control-allow-origin: https://www.securityweek.com
cache-control: max-age=31536000
access-control-allow-credentials: true
content-disposition: inline; filename="A-Risk-Pentesting-300x250.jpg"
accept-ranges: bytes
content-length: 47376
expires: Wed, 19 Jun 2024 19:09:54 PDT

GET
H2 200 ;MID=179018;type=e959fb862;placementID=2118090;setID=593294;channelID=0;CID=775056;BID=521108512;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-... Show response
ads.securityweek.com/adserve/ 0
342 B 38ms
15ms XHR
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;MID=179018;type=e959fb862;placementID=2118090;setID=593294;channelID=0;CID=775056;BID=521108512;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;mt=1687313394738653;hc=ca06c35e86a7c9e528173927de541ac7f40320bb

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ;libID=3869885
ads.securityweek.com/getad.img/ 91 KB
91 KB 19ms
18ms Image
image/jpeg 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.securityweek.com/getad.img/;libID=3869885
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: 84a0cc2980f8f000ab8190daf3e806d0d8882c22df0f51b69debf18273b6f97d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
last-modified: Mon, 19 Jun 2023 17:43:32 GMT
server: nginx
etag: "649093c4-16c4f"
content-type: image/jpeg
access-control-allow-origin: https://www.securityweek.com
cache-control: max-age=31536000
access-control-allow-credentials: true
content-disposition: inline; filename="Cloud 970x250 banner for website.jpg"
accept-ranges: bytes
content-length: 93263
expires: Wed, 19 Jun 2024 19:09:54 PDT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/ 411 KB
127 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f295fdb1019a3c2ff2479582f5eda1915c67e8d8634f8b089920f86b6cc4fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 18:36:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27184
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129960
x-xss-protection: 0
server: cafe
etag: 10643696450713337328
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 19 Jun 2024 18:36:50 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 78 B
80 B 50ms
21ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.securityweek.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b9c358163c9330587ecaf732269ef24fb4198cbb2e010b61e7eb8d2a3b3d94e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
x-xss-protection: 0
expires: Wed, 21 Jun 2023 02:09:54 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 67ms
24ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.securityweek.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 75 KB
16 KB 70ms
69ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3707725053298189&correlator=647170539509078&eid=31075400&output=ldjh&gdfp_req=1&vrg=202306150101&ptt=17&impl=fifs&iu_parts=1009451%2CSecurityWeek-Home-300x600%2CNewSW-970x90-Homepage%2CNewSW-300x600-Article-Right%2CNewSW-300x250-Home%2CNewSW-300x250-Article&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=300x600%2C970x90%2C300x600%2C300x250%2C300x250&ifi=1&adks=1565590840%2C2323175181%2C154041892%2C3002022740%2C665154368&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1687313394931&lmt=1687273286&dlt=1687313392264&idt=2621&adxs=-9%2C-9%2C1100%2C-9%2C1100&adys=-9%2C-9%2C997%2C-9%2C3493&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C-1%7C0%7C-1%7C1&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&frm=20&vis=1&psz=0x-1%7C0x-1%7C300x0%7C0x-1%7C300x0&msz=0x-1%7C0x-1%7C300x600%7C0x-1%7C300x250&fws=2%2C2%2C4%2C2%2C4&ohw=0%2C0%2C1600%2C0%2C1600&ga_vid=420308831.1687313395&ga_sid=1687313395&ga_hid=1282409227&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a250d2cc281f6b1f166857726fe5f7cd11dd1f179817da3f3a3353f0771a8f54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16816
x-xss-protection: 0
google-lineitem-id: 6320589511,6180097320,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138436040929,138417024217,-2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d0a35d75d3d41043b357cafa8cf5fe4d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 01A5 6 KB
3 KB 82ms
16ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d0a35d75d3d41043b357cafa8cf5fe4d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 02:09:55 GMT
expires: Thu, 20 Jun 2024 02:09:55 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 12CD 7 KB
4 KB 155ms
122ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default

Requested by

Host: securityweek.disqus.com
URL: https://securityweek.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b004e49e537f9b6400d427726636957e8179800c037aa39061308707a7bb49f1

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.securityweek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2909
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 21 Jun 2023 02:09:55 GMT
ETag: W/"lounge:view:9742884926.8654de78184cdc41d933da0183435073.2"
Last-Modified: Tue, 20 Jun 2023 19:01:56 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H2 200 vck.js Show response
cdn.justuno.com/ 2 KB
2 KB 45ms
18ms Script
application/javascript 2606:4700::6811:cb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.justuno.com/vck.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/apps/body/gTSU7w8TKow-r0zxLGZWiDD2jUk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:cb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa433b899311f6fcb718687df51be730a5a7a3c6ce4dc2474ff26a383307b2ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 02:09:55 GMT
x-amz-version-id: IStAkkpAXub6mGXsU7R_eEc9Tjbt5OG9
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: EW9GBS7APZ1TYXN6
age: 5452
cf-polished: origSize=3165
x-77-cache: HIT
x-cache: HIT
x-age: 720914
x-accel-date: 1683098116
alt-svc: h3=":443"; ma=86400
x-amz-id-2: G5d+cLjddbcfcjHQ9QByxx9HCoThojK45vZ0s4KHaCpHd3Si2jTdeFNwfCKmd470h7FQPoLHtYk=
x-77-nzt: AcO1ryfCG7P/EgALAA
cf-bgj: minify
last-modified: Thu, 12 Nov 2020 22:18:40 GMT
server: cloudflare
etag: W/"0d90f75705633071cb4330dbccfe579a"
x-77-nzt-ray: 25b021315ae1169e160a5d64d47d100c
access-control-max-age: 3000
vary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: public, max-age=691200
cf-ray: 7da8b64f4f97905e-FRA
access-control-allow-headers: *
expires: Thu, 29 Jun 2023 02:09:55 GMT

GET
H3 200 3 Show response
www.securityweek.com/wp-json/wordpress-popular-posts/v1/popular-posts/widget/ 4 KB
2 KB 601ms
601ms XHR
application/json 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securityweek.com/wp-json/wordpress-popular-posts/v1/popular-posts/widget/3?is_single=34057

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=6.1.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

15f371a5eeece01aedd41dc55fca5356cfc6e8376b3485458ead5fe7dbe94b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
x-cache-group: normal
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: SHORT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-powered-by: WP Engine
x-cache: HIT: 3
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
allow: GET
content-type: application/json; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MeSLg%2BXA40OI1W9I7rGAkd1Dc3fFaTcj5lxzlSlZr70pmoFlDY2DoBJms3nnho1cBk6fgQOE1vMRCZFq31lhLABdw52yON3YLuaroPqAAvMKFn3wcO2zTJCU7azFObaQSalsBRoRKfORa2c3ML1dLDPL"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=600, must-revalidate
x-robots-tag: noindex
link: <https://www.securityweek.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 7da8b64f2d919273-FRA

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 49ms
25ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01877e4bfd2837af4256c15d686966999459ea426582ac4761aa7cd1ad769824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11345
x-xss-protection: 0

POST
H3 204 rum Show response
www.securityweek.com/cdn-cgi/ 0
145 B 32ms
10ms XHR
text/plain 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securityweek.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
content-type: application/json

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.securityweek.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7da8b64f6daa9273-FRA

GET
H/1.1 200
OK / Show response
disqus.com/recommendations/ Frame 2247 6 KB
4 KB 137ms
131ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/recommendations/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps

Requested by

Host: securityweek.disqus.com
URL: https://securityweek.disqus.com/recommendations.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f02c04333073962e773be1b3e14a616eb1331ea5a13fd4d8b2fb314e5f3b9684

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.securityweek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2406
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 21 Jun 2023 02:09:55 GMT
Last-Modified: Sat, 11 Feb 2023 12:39:27 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306150101/pubads_impl.js?cb=31075400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 21 Jun 2023 02:09:55 GMT

GET
H2 200 account_version_check.html Show response
my.justuno.com/ajax/ 36 B
469 B 135ms
124ms Script
application/json 2606:4700::6811:cb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.justuno.com/ajax/account_version_check.html?id=A230AE4D-581E-411F-ACCB-A081243B2697
Requested by: Host: cdn.justuno.com
URL: https://cdn.justuno.com/vck.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:cb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc2bc3efbc8b25992c66e354e3e34ccbf643942699473a4b16cf63f9e0241598

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
cf-cache-status: EXPIRED
p3p: CP="CURa ADMa DEVa TAIa CONa OUR BUS DSP NON COR"
alt-svc: h3=":443"; ma=86400
content-length: 36
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 20 Jun 2023 19:09:55 PST
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30
accept-ranges: bytes
cf-ray: 7da8b64f9fb8905e-FRA
access-control-allow-headers: X-CSRFToken, x-csrf-token, x-rover-source, X-Requested-With, origin, content-type, accept
expires: Wed, 21 Jun 2023 02:10:25 GMT

GET
H2 200 lounge.load.f9845c89be1dcd44c67adb8441a77064.js Show response
c.disquscdn.com/next/embed/ Frame 12CD 1 KB
1 KB 64ms
9ms Script
application/javascript 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.f9845c89be1dcd44c67adb8441a77064.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cc029ab3e2b370db593520f586a7284f14f0ca6c027228a41db3ca3b2e4e3f52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 16 Jun 2023 20:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 89a45b9ac94fb6c6e52c37fdd89a6cb0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 366690
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 627
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 16 Jun 2023 20:12:30 GMT
server: nginx
etag: "648cc22e-273"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: 99rOiPS82_INq5IHygHPbUiubpZeKCbLb_s3Uc_OwBEi5v_MxMxhxA==
expires: Sat, 15 Jun 2024 20:18:25 GMT

GET
H2 200 5319632.js Show response
js.hs-banner.com/ 60 KB
16 KB 157ms
128ms Script
text/javascript 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5319632.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5319632.js?integration=WordPress&ver=10.1.23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7c91227ed1cf1d83d32996e4e61a4f77dbdbbc9920a3a29f5ab522d237c74b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
x-amz-version-id: Re7uVMKIIL3DzEPcXMU7stPISkZ1nT3r
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: QFP4FR9239Y50RKA
x-amz-server-side-encryption: AES256
x-amz-id-2: HYIQFQIOfw7pX20VMYEqDbPdqcs8N00KvbgBDkdGmsxTNnF296TY8hHc4NCH8dzDE3R1dQBDixpON6wg/oHQPF061AEa8XUi28YWiZAngV8=
last-modified: Mon, 17 Apr 2023 15:35:42 GMT
server: cloudflare
etag: W/"fbac0553015dccf82e36fcb606c4d982"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7da8b64fea406997-FRA
expires: Wed, 21 Jun 2023 02:14:55 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 164ms
136ms Script
application/javascript 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5319632.js?integration=WordPress&ver=10.1.23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f148a333a7585ab1391cceb303d946f5bf1b38ba6bb8eae863125ccde728bb3

Request headers

Referer: https://www.securityweek.com/
Origin: https://www.securityweek.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
x-amz-version-id: S1jmwKbmrdTaJO._teNI0LpuWSvl4WIJ
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
content-encoding: br
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.378/bundles/project.js&cfRay=7da8b64fe95c373a-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c29e8d06-9919-4757-bb8c-bf01e1a3f35c
last-modified: Tue, 13 Jun 2023 09:45:35 UTC
server: cloudflare
etag: W/"b19afd994dc32a5784e74169cca8128a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-ksc82
cf-ray: 7da8b64fe95c373a-FRA
x-amz-cf-id: K5AHemALxQf__SFeexak6rnXbhEhkACnttF_7fbjIqpF_2HHo0Lpdw==
x-hs-target-asset: collected-forms-embed-js/static-1.378/bundles/project.js

GET
H2 200 5319632.js Show response
js.hs-analytics.net/analytics/1687313100000/ 66 KB
21 KB 171ms
143ms Script
text/javascript 2606:4700::6810:8cce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1687313100000/5319632.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5319632.js?integration=WordPress&ver=10.1.23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8cce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbac39d3d3370e9ea0816fd757737e3d0ea6d4c30a4dbc61df4b89f38a64dee5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: CTQ5QWR1G4333ZXV
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 17
x-amz-id-2: 9Z8hg+DlgGRKwIcjxRpxzYhw0Y0zTIxiLWCNuzfOI8RXej5M9PbsFH194K2R7Kb4KTWGcMXbYFw=
x-evy-trace-listener: listener_https
x-request-id: c31deec6-9537-4776-8564-25aefc59131e
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 15 Jun 2023 14:48:07 GMT
server: cloudflare
etag: W/"32abd2594e9bba3d2dcc89617cc96410"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-9vnjb
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7da8b64feb0f39c1-FRA
expires: Wed, 21 Jun 2023 02:14:55 GMT

GET
H2 200 common.bundle.42272221620e218896f3973a3bb140e2.js Show response
c.disquscdn.com/next/embed/ Frame 12CD 280 KB
93 KB 29ms
7ms Script
application/javascript 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.f9845c89be1dcd44c67adb8441a77064.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d23fd6a13b657ba55789f4a8b098f72d86e253917a83af15a2e4e6ed23a9e5c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 16 Jun 2023 20:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 366690
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94141
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 16 Jun 2023 20:12:30 GMT
server: nginx
etag: "648cc22e-16fbd"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: n6mYmQ7AbrVusZkqcZYzNXWKpek-KSqZ792fIPjxlztXzzhNI13byg==
expires: Sat, 15 Jun 2024 20:18:25 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7249 13 KB
5 KB 10ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 44213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:02 GMT
expires: Wed, 19 Jun 2024 13:53:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0CD3 783 B
1 KB 46ms
17ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eb6220b8e967cb61b96456c1a57c4ac0b012058161c54f1a71103cfb53811d51

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7E0kKkVHL7fDj5G-F9Gf0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.securityweek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-7E0kKkVHL7fDj5G-F9Gf0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 21 Jun 2023 02:09:55 GMT
expires: Wed, 21 Jun 2023 02:09:55 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 1SSVsYZJr8uIwdDGCB28uEfJ_gMT-7RJhMj1JjXxEHA.js Show response
pagead2.googlesyndication.com/bg/ Frame 7249 38 KB
14 KB 27ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1SSVsYZJr8uIwdDGCB28uEfJ_gMT-7RJhMj1JjXxEHA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d52495b18649afcb88c1d0c6081dbcb847c9fe0313fbb44984c8f52635f11070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 11:20:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 398961
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14776
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Jun 2024 11:20:34 GMT

GET
H2 200 lounge.dbc47866f009f9d6f1556cd58214d9a3.css
c.disquscdn.com/next/embed/styles/ Frame 12CD 233 KB
33 KB 7ms
6ms Stylesheet
text/css 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 30 May 2023 18:53:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 1840595
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 33282
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 30 May 2023 18:28:53 GMT
server: nginx
etag: "64764065-8202"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: N638STo5SvnEKpwXfAX6NP3kd4OkaYi1IEniZeQeg5n3FF1-3J57eg==
expires: Wed, 29 May 2024 18:53:20 GMT

GET
H2 200 lounge.bundle.9558099f779315028dc12a9f541ec505.js Show response
c.disquscdn.com/next/embed/ Frame 12CD 512 KB
128 KB 7ms
7ms Script
application/javascript 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.9558099f779315028dc12a9f541ec505.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f8893360b5c3e56770f4def203e5802050cf300e3f59976457fd548a7b5c07e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 16 Jun 2023 20:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 366690
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 130747
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 16 Jun 2023 20:12:30 GMT
server: nginx
etag: "648cc22e-1febb"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: ZEJtK04VMQPvojtstOQ_-rpDj-geApDUI9t5Y1QdGQzrxWkH89aX8Q==
expires: Sat, 15 Jun 2024 20:18:25 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 12CD 18 KB
19 KB 7ms
7ms Script
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2cd13dab0284cd5046d058f9381c992ad78ceb916d8afcc5505722924af8596d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 35
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 18636
X-XSS-Protection: 1; mode=block

GET
H2 200 recommendations.load.af5dcff7c80ddb6cb8b656857138adf1.js Show response
c.disquscdn.com/next/recommendations/ Frame 2247 923 B
1 KB 19ms
19ms Script
application/javascript 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.load.af5dcff7c80ddb6cb8b656857138adf1.js

Requested by

Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e4cc94b363c56c58b41c39282ca5728110a71e97c1eb51d03a8b6c98536d5727

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 16 Jun 2023 20:18:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 89a45b9ac94fb6c6e52c37fdd89a6cb0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 366676
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 450
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 16 Jun 2023 20:12:30 GMT
server: nginx
etag: "648cc22e-1c2"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: RycwJA5fADLrioKmTe3eJhQQJG0tEspEOeqqMKlYLraKizIM6Y3L1w==
expires: Sat, 15 Jun 2024 20:18:39 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0CD3 0
0 42ms
42ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306150101&jk=3707725053298189&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 mwgt_4.1.js Show response
cdn.justuno.com/ 207 KB
52 KB 23ms
22ms Script
application/javascript 2606:4700::6811:cb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.justuno.com/mwgt_4.1.js?v=5.65
Requested by: Host: cdn.justuno.com
URL: https://cdn.justuno.com/vck.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:cb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c997cfdcf118917154abb4bbc13f3bf1d7a654bcf6834617f642b724c52b2095

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 21 Jun 2023 02:09:55 GMT
x-amz-version-id: rrEDb14q6pa5RFDAe85tZKdE5DQwmz0F
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 753RSBPZJSPB2175
age: 694232
cf-polished: origSize=282277
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 583677
x-accel-date: 1683235408
alt-svc: h3=":443"; ma=86400
x-amz-id-2: TphnYUOqQKnu/h9q0USnKjrdyoNUBXDXSd+2JgNdBcLYjz30rSnSrZ8RByXnVJS8lb79UNfS7y2YrZ61G+bajA==
x-77-nzt: AcO1rycouRD//ecIAA
cf-bgj: minify
last-modified: Thu, 04 May 2023 21:21:29 GMT
server: cloudflare
etag: W/"8bda1cb0c04d4a3c25c956be552a9cb4"
x-77-nzt-ray: 25b0213106d689e34d0a5d6413a4a024
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=700000
cf-ray: 7da8b650c836905e-FRA
access-control-allow-headers: *
expires: Thu, 29 Jun 2023 04:36:35 GMT

GET
H2 200 common.bundle.26820753104bbfb2cc90e573a2447f47.js Show response
c.disquscdn.com/next/recommendations/ Frame 2247 262 KB
87 KB 8ms
8ms Script
application/javascript 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/common.bundle.26820753104bbfb2cc90e573a2447f47.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.af5dcff7c80ddb6cb8b656857138adf1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

bf8b01a15285873abfae001dc9804d07312ad4cbb565784ec31dd82c71d1f94c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 16 Jun 2023 20:18:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 366681
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 88850
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 16 Jun 2023 20:12:30 GMT
server: nginx
etag: "648cc22e-15b12"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: pnKwtXq1iV_um3LOtdUWUG1avQyQJS-8L4HvUMwDnzarh5lQ6AGgmA==
expires: Sat, 15 Jun 2024 20:18:34 GMT

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
168 B 122ms
122ms XHR
text/plain 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/5319632.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.securityweek.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 93346839-9ed7-41cc-b517-bc117cbdb0a2
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 18
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a0505046-58a5-4ccd-ac0f-db757e83d802
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.securityweek.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7da8b6536e3c18e7-FRA

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 383ms
365ms Preflight
application/octet-stream 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.securityweek.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.securityweek.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7da8b6512cfe18e7-FRA
content-length: 0
content-type: application/octet-stream
date: Wed, 21 Jun 2023 02:09:55 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-v9vn7
x-evy-trace-virtual-host: all
x-request-id: d9c1922a-c425-4e1c-bc0e-262c386e3457

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 12CD 3 KB
4 KB 9ms
8ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=securityweek&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd6ecb2de64d9421f1cb5aeb28b25f287199206649273449573bc73a20b413f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 99
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3314
X-XSS-Protection: 1; mode=block

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
431 B 129ms
118ms XHR
application/json 2606:4700::6811:6cc7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=5319632&utk=
Requested by: Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:6cc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0978438d354ec5e681207be25f53c69b24700125938105927de69dc0e55bcd48

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.securityweek.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 61fe3bdd-f137-46c5-943f-4007b44a9c67
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9d7dd9f3-f87b-45c2-b224-75b25b86bccb
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.securityweek.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-h6thn
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7da8b6519a9f373a-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 159ms
131ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=5319632&ct=blog-post&rcu=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&pu=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t=Researchers+Flag+Account+Takeover+Flaw+in+Microsoft+Azure+AD+OAuth+Apps+-+SecurityWeek&cts=1687313395445&vi=bc6cdd72e7e62d4b5e9694ff33cc81d9&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a3b51482-4890-40d1-8765-d1d24b1a5761
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 76e0b2dc-00a7-4029-a6a6-02c67b6af555
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rMWKkIt831w99TKmNgjEIMKB08HufPBjLUmjLXkr3vwSmMqP5yZmfyPcjh50FVvcieEJD6LfXTp0dZSr8t7fxZlI3qAQfuNyoaxyxjwzS2eEdo1x3NbOzdcsohCTKuoG%2BQvYZM3BZSomKgB9knel"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-5f6448c676-lqfnv
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7da8b651bf282bdf-FRA
x-robots-tag: none

GET
H2 200 css2
fonts.googleapis.com/ Frame 12CD 11 KB
970 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 00:46:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Jun 2023 02:09:55 GMT

GET
H/1.1 200
OK ratingsSummary.json Show response
disqus.com/api/3.0/threads/ Frame 12CD 89 B
524 B 131ms
131ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threads/ratingsSummary.json?thread=9742884926&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36fbd3487203ec6ee01e6b5e653cd171ae8d01f5bfd8e6d68c6e9f342eaf031c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 89
X-XSS-Protection: 1; mode=block

GET
H2 200 avatar92.jpg
c.disquscdn.com/uploads/forums/29/4163/ Frame 12CD 2 KB
3 KB 8ms
8ms Image
image/jpeg 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/uploads/forums/29/4163/avatar92.jpg?1676119033

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

723e03424d188ef9a3eb0f421e4727535cbb8d4fb33ddc0e445e1d5251305d30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 11 Feb 2023 12:38:31 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MUC50-C1
age: 11194284
x-cache: Hit from cloudfront
content-length: 2296
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Sat, 11 Feb 2023 12:37:14 GMT
server: nginx
etag: "fff2e16b3a0f70d551c66bc12512f2ad"
content-type: image/jpeg
cache-control: max-age=31536000, public, immutable
accept-ranges: bytes
x-amz-cf-id: VRXmE0lBiv4gi8-yZFGM9vjzmLHo-zCheWNa7iMXjRT9xvRcIrPKsQ==
expires: Sun, 11 Feb 2024 12:38:31 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 12CD 13 KB
13 KB 7ms
7ms Image
image/svg+xml 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 25 Mar 2023 15:31:57 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MUC50-C1
age: 7555078
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 17 Mar 2023 09:25:43 GMT
server: nginx
etag: "64143217-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: HDMXPe9urJ1PxbWAMe_jCKA65fQelDP3aSWG3MF7tBuEbI1BtEd9vg==
expires: Sun, 24 Mar 2024 15:31:57 GMT

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 12CD 3 KB
3 KB 8ms
8ms Image
image/gif 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 26 Mar 2023 01:39:17 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MUC50-C1
age: 7518638
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 17 Mar 2023 09:25:43 GMT
server: nginx
etag: "64143217-b9b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: UkKXFs9aMm_gfiaTOZAKbXTaIqIN33FY_erisq94hkNbMGjo0fffTQ==
expires: Mon, 25 Mar 2024 01:39:17 GMT

GET
H2 200 email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
c.disquscdn.com/next/embed/assets/img/ Frame 12CD 840 B
1 KB 9ms
8ms Image
image/svg+xml 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 19 Apr 2023 18:37:18 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MUC50-C1
age: 5383957
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 840
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 18 Apr 2023 23:42:29 GMT
server: nginx
etag: "643f2ae5-348"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: IqtNFODfLe4RDufu6Mab7tqBFxp2Zjkmi23TEvtbWZSkj0CnvzGQKw==
expires: Thu, 18 Apr 2024 18:37:18 GMT

GET
H2 200 privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
c.disquscdn.com/next/embed/assets/img/ Frame 12CD 891 B
1 KB 9ms
9ms Image
image/svg+xml 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 22 Mar 2023 01:25:36 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MUC50-C1
age: 7865059
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 891
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 17 Mar 2023 09:25:43 GMT
server: nginx
etag: "64143217-37b"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: fJnfDDC5Y0wVoIfUygigm_YsOSNforMtaI2XsK4vrMHD24Hc0V1UFA==
expires: Thu, 21 Mar 2024 01:25:36 GMT

GET
H2 200 warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
c.disquscdn.com/next/embed/assets/img/ Frame 12CD 605 B
1 KB 10ms
9ms Image
image/svg+xml 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 22 Apr 2023 01:32:44 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MUC50-C1
age: 5186231
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 605
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 21 Apr 2023 16:09:03 GMT
server: nginx
etag: "6442b51f-25d"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: IfxGomf9NWDzL0j03wsCmyffAIytYesQvnfq7IDkHeMsPV_JECrxOw==
expires: Sun, 21 Apr 2024 01:32:44 GMT

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 12CD 8 KB
8 KB 7ms
7ms Font
application/octet-stream 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 24 Apr 2023 14:33:14 GMT
via: 1.1 89a45b9ac94fb6c6e52c37fdd89a6cb0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MUC50-C1
age: 4966601
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 21 Apr 2023 16:09:02 GMT
server: nginx
etag: "6442b51e-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: jm0LFrn88bDB_KfsQQZZHjSI-vf9JOfMDlgINupDUGJdW86W9JuCAg==
expires: Tue, 23 Apr 2024 14:33:14 GMT

GET
H2 200 recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ Frame 2247 14 KB
3 KB 7ms
6ms Stylesheet
text/css 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.26820753104bbfb2cc90e573a2447f47.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ad59b3c437a380375b4205e22d9bf50856690b094d2fa425ae90971f5b58758e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 06 Apr 2023 05:41:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 6553716
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2968
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 05 Apr 2023 19:22:35 GMT
server: nginx
etag: "642dca7b-b98"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: DJNEBLZgu1bUqwr-qWa5F99xFvxqKa8eA3n-W2XYci_bRCu9HVWhaA==
expires: Fri, 05 Apr 2024 05:41:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 12CD 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 340768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 03:30:27 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 12CD 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 00:26:19 GMT
x-content-type-options: nosniff
age: 6216
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jun 2024 00:26:19 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 12CD 15 KB
16 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 291940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 17:04:15 GMT

GET
H3 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 12CD 17 KB
17 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 23:47:40 GMT
x-content-type-options: nosniff
age: 267735
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 23:47:40 GMT

GET
H3 200 KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 12CD 17 KB
17 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 16:54:27 GMT
x-content-type-options: nosniff
age: 292528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17032
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 16:54:27 GMT

GET
H3 200 store_4.1.html Show response
cdn.justuno.com/ Frame 0F57 2 KB
1 KB 33ms
32ms Document
text/html 2606:4700::6811:cb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.justuno.com/store_4.1.html?v=5.65
Requested by: Host: cdn.justuno.com
URL: https://cdn.justuno.com/mwgt_4.1.js?v=5.65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:cb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c189dd46df7ab8b489d4a3238defd7975ad02f114eb3f72fedadeb6fde7cbe0

Request headers

Referer: https://www.securityweek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: max-age=700000
cf-cache-status: DYNAMIC
cf-ray: 7da8b652aabc912b-FRA
content-encoding: br
content-type: text/html
date: Wed, 21 Jun 2023 02:09:55 GMT
last-modified: Tue, 31 Mar 2020 15:31:26 GMT
server: cloudflare
vary: Accept-Encoding
x-77-cache: HIT
x-77-nzt: AZySIYhdkzf/ltEIAA
x-77-nzt-ray: f6587a1d86eae9a2f35b92649ab82e26
x-77-pop: frankfurtDE
x-accel-date: 1686735453
x-age: 577942
x-amz-id-2: KETpAWTlJyvw2aLmToES+VX4H+9PlraRqOXGK0ztvPvtRQYUnzO2TF6if32x5/85ueFkTlOJAwo=
x-amz-request-id: 1XYFQ4SF6VMD7ZEV
x-amz-version-id: n8._QaxL6VauG4hu9U02QXwqY3LVnM24
x-cache: HIT

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
983 B 169ms
130ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-HubSpot-Correlation-Id: 13415dbc-e3a2-47dd-8124-c503e141152e
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: bdc7cda0-3eb7-4db1-b762-995fe0c4c323
Server: cloudflare
X-Trace: 2B7C1F3EC496D954120FFE60569A6BA976000A2F4C000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-759c64d45c-qr8ft
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7da8b6530e589a23-FRA

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 12CD 43 B
339 B 140ms
108ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.23&load_time=265&event=init_embed&thread=9742884926&forum=securityweek&forum_id=294163&imp=6ogqb0f2eibtpj&thread_slug=researchers_flag_account_takeover_flaw_in_microsoft_azure_ad_oauth_apps&user_type=anon&referrer=https%3A%2F%2Fwww.securityweek.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 0424 337 B
841 B 7ms
7ms Stylesheet
text/css 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: securityweek.disqus.com
URL: https://securityweek.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 22 Apr 2023 01:26:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 5186634
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 21 Apr 2023 16:09:03 GMT
server: nginx
etag: "6442b51f-f4"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: OYRDwAyBl63z0vIy3E6CLuZw-oUi_YvYyUflrDkSY6es6Vq8eTzF4g==
expires: Sun, 21 Apr 2024 01:26:01 GMT

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame E3CE 337 B
839 B 9ms
8ms Stylesheet
text/css 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: securityweek.disqus.com
URL: https://securityweek.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 22 Apr 2023 01:26:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 5186634
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 21 Apr 2023 16:09:03 GMT
server: nginx
etag: "6442b51f-f4"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: ig-hlvW9iNOafJQtHE635-kjMd2sFozh3X5TJVa5LpnVGtKU8yhmcw==
expires: Sun, 21 Apr 2024 01:26:01 GMT

GET
H2 200 recommendations.bundle.bb3216316047d5c61d9dafa6240fbf39.js Show response
c.disquscdn.com/next/recommendations/ Frame 2247 65 KB
20 KB 14ms
13ms Script
application/javascript 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.bundle.bb3216316047d5c61d9dafa6240fbf39.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.26820753104bbfb2cc90e573a2447f47.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5bd060c4d7413c66456b91af3b13d3a3823c90543d9ccebc7a94a892ecb36d27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 27 Mar 2023 01:27:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 7432954
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20326
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 17 Mar 2023 09:25:43 GMT
server: nginx
etag: "64143217-4f66"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: RTOyYFkkbo2KXZw70ArmwBoiCzLH0pJsOA4ByY0G6a-UK1TET7noWQ==
expires: Tue, 26 Mar 2024 01:27:20 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 2247 18 KB
19 KB 13ms
12ms Script
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.26820753104bbfb2cc90e573a2447f47.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2cd13dab0284cd5046d058f9381c992ad78ceb916d8afcc5505722924af8596d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/recommendations/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 35
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 18636
X-XSS-Protection: 1; mode=block

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7249 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?hkW94g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 2247 3 KB
4 KB 8ms
7ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=securityweek&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.26820753104bbfb2cc90e573a2447f47.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd6ecb2de64d9421f1cb5aeb28b25f287199206649273449573bc73a20b413f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/recommendations/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 99
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3314
X-XSS-Protection: 1; mode=block

GET
H3 200 css2
fonts.googleapis.com/ Frame 2247 11 KB
874 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 00:52:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Jun 2023 02:09:55 GMT

GET
H/1.1 200
OK listRecommendations.json Show response
disqus.com/api/3.0/discovery/ Frame 2247 7 KB
7 KB 99ms
98ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=securityweek&thread=ident%3A34057+https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.26820753104bbfb2cc90e573a2447f47.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bb8ce4edaacacd0675a48e4a1095fbf17542b19e9fcec1a656746eee6d1dd581

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/recommendations/?base=default&f=securityweek&t_i=34057%20https%3A%2F%2Fwww.securityweek.com%2F%3Fp%3D34057&t_u=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F&t_e=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_d=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps&t_t=Researchers%20Flag%20Account%20Takeover%20Flaw%20in%20Microsoft%20Azure%20AD%20OAuth%20Apps
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Wed, 21 Jun 2023 02:09:55 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 1319
X-Frame-Options: SAMEORIGIN
Vary: Origin
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cache-Control: stale-while-revalidate=450, public, max-age=1800
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 6942
X-XSS-Protection: 1; mode=block

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2247 15 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 291940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 17:04:15 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2247 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 00:26:19 GMT
x-content-type-options: nosniff
age: 6216
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Jun 2024 00:26:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2247 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 340768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Jun 2024 03:30:27 GMT

GET
H2 200 get
c.disquscdn.com/ Frame 2247 14 KB
15 KB 10ms
9ms Image
image/jpeg 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.securityweek.com%2Fwp-content%2Fuploads%2F2023%2F05%2FBarracuda-zero-day-1024x659.jpg&key=aA9-_UF9QHwJE5E_Y2ZTYw&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6e0a2f221a71508514882c826bc2499c58d93e09cbe50dfb85bc1b79822f367e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 16 Jun 2023 17:42:52 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MUC50-C1
age: 2304506
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 14333
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q3sByOQ89NdNAhV5SDdk75Vjlh7ut%2BydNs%2FneEVSrgow%2Bed5Gu%2FCKGjr6tgCVJAAvWhQGBJvMkJqW3d9cydaavHgvkOwtQjgqCtZW4JRzBMaKUBI0aKvt9H2HSYB2mKGCXG29EGk"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
x-amz-cf-id: 7BUxclRFLWeQeY47kj2nlZttDOb37lspFjI42tjG1lN_tZc8wWquQQ==
expires: Sun, 16 Jul 2023 17:42:52 GMT

GET
H2 200 get
c.disquscdn.com/ Frame 2247 11 KB
12 KB 113ms
112ms Image
image/jpeg 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.securityweek.com%2Fwp-content%2Fuploads%2F2023%2F01%2FCybersecurity_News-SecurityWeek.jpg&key=OHuLlFkvz6yG7koQwAk7gA&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

31a70ac053fb9095fecfab31d7fed0ee075826150483ba25283082f960f5c8ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 21 Jun 2023 02:09:55 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MUC50-C1
age: 10900313
x-cache: Miss from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 11377
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C37%2BuPzHjRwvp2pbLLOTmiuVwrxHbG%2BXRlo6riQXH8LDL4SevjSjFatFbbEXB7ulpU9Op0%2Fe4YUVUMMU8%2FPmMCRB2Jvk3CuWyvyMC2Hj6C%2BRDKeWMPBmky42FadqLy6H2qx3jNnM"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
x-amz-cf-id: WxJfQKckUUY49sOJ3UMsahg9SK1uPY9vmE_4BIS-8cg8jVYzPJFZ9Q==
expires: Fri, 21 Jul 2023 02:09:55 GMT

GET
H2 200 get
c.disquscdn.com/ Frame 2247 8 KB
9 KB 20ms
19ms Image
image/jpeg 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.securityweek.com%2Fwp-content%2Fuploads%2F2023%2F06%2FASUS-Vulnerabillities.jpg&key=rQ1glGeNAO3LVLrlbXkHbA&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

83f4310b581cb23f811260ce6268d6294cc7322f8ac4cd9ba59aef0b136a43b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 20 Jun 2023 20:01:08 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MUC50-C1
age: 55888
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 8446
x-xss-protection: 1; mode=block
x-served-by: static-web-2
server: nginx
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWRe0AZGGgYA3IkozHCwVylVitHxHoAwB99X5Neg4CXUbGiVNM0Z2f%2FV8IFW%2B%2FJmRjMh89H%2BxqJykh6FxWfEjwtFQIm%2BlaMqGDW%2FLapd3dYG5Lvy2XVxoB8zWpvOAajNipS81QiNfW3PKn0JlwgRiJAX"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
x-amz-cf-id: qmJ5Lp36FYnC6HD-eCN8Q3Ev6bZeYsg9-WaqWJZjOilYua3B3DzL4A==
expires: Thu, 20 Jul 2023 20:01:08 GMT

GET
H2 200 get
c.disquscdn.com/ Frame 2247 125 KB
126 KB 11ms
11ms Image
image/png 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.securityweek.com%2Fwp-content%2Fuploads%2F2023%2F06%2FCISO_Forum-Lobbt-1.png&key=4rl1IVR_11re3e5cJTuL8w&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

230dd0c4b28cc9eb4be801d009305f3d7a5c78bf76c3c79cbac1dd3dc3b32a0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 20 Jun 2023 12:10:38 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MUC50-C1
age: 136830
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 127692
x-xss-protection: 1; mode=block
x-served-by: static-web-2
server: nginx
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpogzctUyrs8Ujo16MZ6uqbFK8b8iEZ3wTvy8%2BIuktp%2FzZBpdhM70w7tv55oMxwDcdtKLHAAEz53w%2Fl2JZEvvTQVopmL%2BaVo3vpFckFG%2BOzP3BaFr%2BYMTj%2BMo1WKApYqFrKV5GM1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-amz-cf-id: h2wOGhCaNZffQviVezVu1rGmQlRU4e0AHLaCOgZIkASszWwkIXhLuQ==
expires: Thu, 20 Jul 2023 12:10:38 GMT

GET
H2 200 get
c.disquscdn.com/ Frame 2247 158 KB
159 KB 17ms
17ms Image
image/png 2600:9000:20c3:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.securityweek.com%2Fwp-content%2Fuploads%2F2023%2F06%2FMOVEit-zero-day-victims-1024x265.png&key=66WHFAtYDE4JlLGJ_9Wb3Q&h=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b6d72de748c7db479eee5c19ea8419349bd37edcbfe5572b307b3661835a9251

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 17 Jun 2023 08:44:29 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MUC50-C1
age: 408452
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
cross-origin-resource-policy: cross-origin, cross-origin, cross-origin
content-length: 162032
x-xss-protection: 1; mode=block
x-served-by: static-web-2
server: nginx
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jl%2FvSAUn%2FGpgUZmLQ4pPZ7p%2Bc00NjKFKivmwJiKHCNnYC5GpqaZjWecnf0mRN3fk3k0%2BqRTBArivwh8kTEm3iF%2Fqqw7yB2m53LQxfttSNJd%2Fl7qcoghaZShMtj5vuHk9A5SKyInC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-amz-cf-id: _Z2xYACGzsO7s-K5gtbT7hDG-8S4tM8EfYst38frJOP0q_roiSTjBQ==
expires: Mon, 17 Jul 2023 08:44:29 GMT

GET
H2 200 ;MID=179018;type=v959fb862;placementID=2118090;setID=593294;channelID=0;CID=775056;BID=521108512;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-... Show response
ads.securityweek.com/adserve/ 0
341 B 10ms
10ms XHR
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;MID=179018;type=v959fb862;placementID=2118090;setID=593294;channelID=0;CID=775056;BID=521108512;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;mt=1687313394738632;hc=e5f19cc9db28906efe075e19cd88f8a10a800035

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
44ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306150101&jk=3707725053298189&bg=!qKulq__NAAaGYqkwpmI7ADkAdvg8WtsbC6Dc829a-FZgU0021ViCjXPJuScOiMF-FiWjr0ytXqETqSBnenPFrGkD0Sst5IWTC3ECAAABzFIAAAADaAEHCgAqlquyts3qwl3UYERrj32t7hCp925qXah_kRktM1TFiDRbVq6c8KL1x-UAmQLkX_wHE-1g2Keo81n9BysjaT4Vow5S18Rve-R8hAmUvXKEDPp31PKIL8VDZwTZ8zRmdpFFGX-zCmaeOE01vfhqcHkfvIrB5F0fVsdgJZ6OGT6UmzpJyEiJjYp5r2AAcE88raTnvn2FXwgnrtD7Yi50UBDItMMe-Yy4ysQsBCsli3AsMcYAL_g5ddfMDBxsKx_YgB1vn5kWpCPiEbandSSpwFLzIPYcii9xZT6G-rTbMjfgaigjwe7fSScc7D4A0ZS7hI6nejwUHbBsPMyYjPB1vlcQQ2MbqruuQ-mCa2CnPhDjT7TlG7soOFWGpKRXN0XkIV-EM8e61--j8wo5KSqqTv0Bqt25CHGeBjOvrqzdKbj_-kEJ2Hm_eeYS-Szs8TKbNLWWkhNhDmPHACdCh-GsWZKJrdf93CCrfljM5rW1KrRlAmr6qzO8DloRJQfwHAsOBNDgGjRIlPB2DPEM16CzrFU2R6aEWiaXSxfbuUt2YBOzPW5FOcZn452FfvLIWZW5wne5STn5m2bhcQWOu4lJZDCWk8-Bv-FPGVkP5SEnzIoUX53DWdF37L8Yg0acQLw7XAHR5uM02AkPKXknRchlHAcYQShJE3TqxOACrkUqDO1MntGXi5VjQd5Yw9lzBmTVzCTTcseiwyRXF4I_chZtt7XfqK42ho8s1m5I9Pu50KD592kUqoovzR7Lu3NnhJ_f3qAYG7QzNYd-C-uaTH6njGlPIYPZH93qfZ0biJAbxGXugz6cI7jwgDoV7TxYMkgW2ib0rhYSgpYWtypZXLOxMlYtsJA0d8NHec74ljAZaO11zzbz4HMFekVUsgPOMH8H41_dnqOe2iISLFVnTjGllAU961Tj1KNBXsaCcY2WOJoHpRUV0hfEjcthGyD1ukChHvkjudEWmQkJwimxvOY9pa8E5_Xra5H9yMm5-WhxiGAGw5FtjpDmOdnmSnSoaCsGMrYLt9qx5DiC0RKCyIftCQxkbeY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 account_config_4.1.html Show response
my.justuno.com/ajax/ 4 KB
2 KB 167ms
167ms Script
application/json 2606:4700::6811:cb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.justuno.com/ajax/account_config_4.1.html?callback=jsonCallback&m=0&id=A230AE4D-581E-411F-ACCB-A081243B2697&p=0&cm=0&pl=40
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:cb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecbc91caef45d6527347392a7e67754c5e7e3cf8c99395bf0d387fb1fe4dc8c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
cf-cache-status: EXPIRED
last-modified: Tue, 20 Jun 2023 19:09:56 PST
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; Charset=UTF-8
p3p: CP="CURa ADMa DEVa TAIa CONa OUR BUS DSP NON COR"
cache-control: no-store,private
cf-ray: 7da8b658ee11912b-FRA
access-control-allow-headers: X-CSRFToken, x-csrf-token, x-rover-source, X-Requested-With, origin, content-type, accept
alt-svc: h3=":443"; ma=86400
expires: Wed, 21 Jun 2023 02:09:56 GMT

GET
H2 200 findp Show response
aly.justuno.com/api/session/ 1 KB
825 B 158ms
149ms Script
application/javascript 2606:4700::6811:cb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aly.justuno.com/api/session/findp?callback=jsonFindCallback&accid=A230AE4D-581E-411F-ACCB-A081243B2697&genhash=&device_static_hash=&userid_hash=&pageId=rkanzo&guid=&time=0&segment=0&language=en-US&camefrom=&thisurl=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps&agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.133%20Safari%2F537.36&sw=1600&sh=1200
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:cb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42df797095c28cccb8342dca9ff491be0558e4575a62e4f6e641e4c8529cbe5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: DAV, content-length, Allow
access-control-allow-credentials: true
cf-ray: 7da8b658fc24905e-FRA
access-control-allow-headers: X-CSRF-Token, x-rover-source, origin, x-requested-with, content-type, accept, cache-control
alt-svc: h3=":443"; ma=86400

GET
H3 200 store_4.1.html Show response
cdn.justuno.com/ Frame F099 2 KB
1002 B 20ms
20ms Document
text/html 2606:4700::6811:cb35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.justuno.com/store_4.1.html?v=5.65
Requested by: Host: cdn.justuno.com
URL: https://cdn.justuno.com/mwgt_4.1.js?v=5.65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:cb35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c189dd46df7ab8b489d4a3238defd7975ad02f114eb3f72fedadeb6fde7cbe0

Request headers

Referer: https://www.securityweek.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: max-age=700000
cf-cache-status: DYNAMIC
cf-ray: 7da8b65a0ee6912b-FRA
content-encoding: br
content-type: text/html
date: Wed, 21 Jun 2023 02:09:56 GMT
last-modified: Tue, 31 Mar 2020 15:31:26 GMT
server: cloudflare
vary: Accept-Encoding
x-77-cache: HIT
x-77-nzt: AZySIYjPYSb/l9EIAA
x-77-nzt-ray: f6587a1d86eae9a2f45b9264cccc4330
x-77-pop: frankfurtDE
x-accel-date: 1686735453
x-age: 577943
x-amz-id-2: KETpAWTlJyvw2aLmToES+VX4H+9PlraRqOXGK0ztvPvtRQYUnzO2TF6if32x5/85ueFkTlOJAwo=
x-amz-request-id: 1XYFQ4SF6VMD7ZEV
x-amz-version-id: n8._QaxL6VauG4hu9U02QXwqY3LVnM24
x-cache: HIT

GET
H3 204 /
www.securityweek.com/wp-json/pum/v1/analytics/ 0
653 B 640ms
640ms Image
image/gif 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securityweek.com/wp-json/pum/v1/analytics/?event=open&pid=33999&_cache=1687313397436

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/researchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:09:58 GMT
x-cache-group: normal
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: SHORT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WP Engine
x-cache: MISS
alt-svc: h3=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding,Cookie
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=blMmi8oyr2fQ4gGUjLzbgPpoya1kJI6pOm6Z9h0U%2BHSt0pwzP%2FjwB6sI5bjB2iPytJnZvr19t%2BD28%2BprkBt1rMQJx2Hwe5L7WGuQ36FlM3D1pWpTNIXEs73umBIn0jwfZA0dWjh%2FNIjrc5Nlk7Djau05"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=600, must-revalidate
x-robots-tag: noindex
link: <https://www.securityweek.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 7da8b65dfbb89273-FRA

GET
H2 200 ;MID=179018;type=v959fb862;placementID=2114926;setID=479628;channelID=0;CID=773887;BID=521099255;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-... Show response
ads.securityweek.com/adserve/ 0
341 B 9ms
9ms XHR
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.securityweek.com/adserve/;MID=179018;type=v959fb862;placementID=2114926;setID=479628;channelID=0;CID=773887;BID=521099255;TAID=0;place=0;referrer=https%3A%2F%2Fwww.securityweek.com%2Fresearchers-flag-account-takeover-flaw-in-microsoft-azure-ad-oauth-apps%2F;mt=1687313394732415;hc=d9c3486383c61e8f1811cea50e0bc7ded47f9782

Requested by

Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.46.88 Weng, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88.46.202.116.clients.your-server.de

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 21 Jun 2023 02:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
expires: Mon, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

405 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.securityweek.com/	1970-01-20 22:17:53	Name: _ga_9QV8NZWNBC Value: GS1.1.1687313394.1.0.1687313394.0.0.0
.securityweek.com/	1970-01-20 12:43:19	Name: _gid Value: GA1.2.1840818092.1687313395
.securityweek.com/	1970-01-20 12:41:53	Name: _gat_gtag_UA_11590534_1 Value: 1
.securityweek.com/	1970-01-20 22:17:53	Name: _ga_M1YM36C8RW Value: GS1.1.1687313394.1.0.1687313394.0.0.0
.securityweek.com/	1970-01-20 22:17:53	Name: _ga Value: GA1.1.420308831.1687313395
.doubleclick.net/	1970-01-20 12:41:54	Name: test_cookie Value: CheckForPermission
.securityweek.com/	1970-01-20 22:03:29	Name: __gads Value: ID=9ed1f47ac33d9995:T=1687313394:RT=1687313394:S=ALNI_MbgRp7cLQk8VIZm-14f9qeganDIKw
.securityweek.com/	1970-01-20 22:03:29	Name: __gpi Value: UID=00000c315c976fed:T=1687313394:RT=1687313394:S=ALNI_MY2Z1iwF8HCa3ajzlburUaTs153dA
my.justuno.com/	1970-01-20 12:41:55	Name: __cflb Value: 04dToS6decDvtn94xCdmQthrL5q991KeKU64J5gZ6y
www.securityweek.com/	1970-01-20 12:41:55	Name: _ju_v Value: 4.1_5.65
.securityweek.com/	1970-01-20 12:43:19	Name: _ju_dm Value: cookie
.securityweek.com/	1970-01-20 13:25:05	Name: _ju_dn Value: 1
.hubspot.com/	1970-01-20 12:41:55	Name: __cf_bm Value: KVXpA5WLw5lZWsvgrWqqkD7G3x1ww.jptp.aopywsMw-1687313395-0-AZ/wMTmbZjADINEbnUgqSGiy74rVynEI+cB3q75u82yKtkkrPkDG58MgPEFsHiNk6bVsesU+RWTO1AlKgnAM+vI=
disqus.com/	1970-01-20 12:41:55	Name: __jid Value: 6ogqaoh12rqak7
.disqus.com/	1970-01-20 21:27:29	Name: disqus_unique Value: 6ogqapi26lbk6m
aly.justuno.com/	1970-01-20 12:41:55	Name: __cflb Value: 0H28w1Xe92a6MDGAYhYGQEDF84ZWVCU8dMJiKPuiRhw
.securityweek.com/	1970-01-20 21:27:29	Name: _ju_dc Value: b7dfb54c-0fd8-11ee-b674-91c4ae7a7b76
.securityweek.com/	1970-01-20 12:41:55	Name: _ju_pn Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.securityweek.com
adservice.google.com
ajax.googleapis.com
aly.justuno.com
c.disquscdn.com
cdn.justuno.com
d0a35d75d3d41043b357cafa8cf5fe4d.safeframe.googlesyndication.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
my.justuno.com
pagead2.googlesyndication.com
referrer.disqus.com
region1.google-analytics.com
securepubads.g.doubleclick.net
securityweek.disqus.com
static.cloudflareinsights.com
tpc.googlesyndication.com
track.hubspot.com
use.fontawesome.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.securityweek.com
116.202.46.88
151.101.64.134
199.232.192.134
2001:4860:4802:32::36
2600:9000:20c3:9000:6:8656:f5c0:93a1
2606:4700:20::6818:a003
2606:4700::6810:3965
2606:4700::6810:8cce
2606:4700::6811:6cc7
2606:4700::6811:cb35
2606:4700::6811:d2f3
2606:4700::6812:19c4
2606:4700::6812:863b
2606:4700::6813:9a53
2606:4700:e2::ac40:840f
2a00:1450:4001:806::2003
2a00:1450:4001:811::200e
2a00:1450:4001:812::200a
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2002
002d4e61d6efae0d93d62d4c12576e427302f32361e675aaffa3691ecd9ae17d
01877e4bfd2837af4256c15d686966999459ea426582ac4761aa7cd1ad769824
023cf8b8a67fe94bcef10d2a02505f939fe00978a20638cc40de1d7842b3521c
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
07a391e09587513aa78421c34ed482a17a5e003c2132edd96227d53831a131b0
0803977e647dbdb41c98b4318386f697591604f184a59fcafec52ffba1f6bdef
0978438d354ec5e681207be25f53c69b24700125938105927de69dc0e55bcd48
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b
15f371a5eeece01aedd41dc55fca5356cfc6e8376b3485458ead5fe7dbe94b44
22bb1253ebf8405c69bdf9d628ab472e02e1f6a06d3eb07bd171494f6c3b6aea
230dd0c4b28cc9eb4be801d009305f3d7a5c78bf76c3c79cbac1dd3dc3b32a0f
24ca94366d2777c45544e38e8592d63ee8fcc89b406bc3fe717a514512508a85
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2793a7736c4421efb5ec1f639c9b19a081a6b7a91097d4459149fab67c47b9ae
2cd13dab0284cd5046d058f9381c992ad78ceb916d8afcc5505722924af8596d
2d7fe1edfe0835429f5f50fa1b03e99bbc8a49041cab3e8e2066381986a253e9
30e4e62c03cf6890643d49d4329f94513b6536d9127ee8f31e2e1d92f3235f17
31a70ac053fb9095fecfab31d7fed0ee075826150483ba25283082f960f5c8ca
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
35c92598a5f32c018dc630f57b183b0284c211ce9c222e5b36840a62115262f1
35fa213f71b954999771aef54be9c8a4c7d793353ea3f575cb116d00dd58f2b9
36380ba65c78f1e8a6ee7fd115d7053e7e0ba33f4a5fa1c79d05042fc5db85b0
36fbd3487203ec6ee01e6b5e653cd171ae8d01f5bfd8e6d68c6e9f342eaf031c
37f724a365094e5859ef50dba7afe3764412c6cc9931a8abd7d9dc85751fd881
41514feeb38f4f3d0fcc41d00d04c744e0e534930b030ca6efc0eedb892022ea
42656c5a534309426b3c5452b07c4013df29165e754e36e51d724ad962bebc1f
42d2334a37c0822debb6349ad11fc5ad53f639f59c0819c85bf32a43bb0d9673
42df797095c28cccb8342dca9ff491be0558e4575a62e4f6e641e4c8529cbe5e
42f8505b4b6d5476091672c8ebc27d1ed2b9d21a68890145135578a6737ef053
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46e29ba0653b5e94e76889eee60f21f26035183a904687ad5e902ad870f261a4
49666e3eb8db7069446477b34cb6a47025275b43bc0245ecf6e3ecbc80129c2a
49cb5eebaaf72aa1db4742d8baa9aaeceafd720fd9ded2a97cc507b3c74b702e
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4cd14927179cd88891fae3057a4ce4a7cf499af73f65c3b2e83f32e1598c0288
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
558cc235d4a597a8ec28daee4279486fdd17bc7431b2e15e4634fec0117860c4
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
594a9ae0946c65c5b0d44f36c80bd30e19748d90cc50129910d69642cb80825e
5bd060c4d7413c66456b91af3b13d3a3823c90543d9ccebc7a94a892ecb36d27
5c189dd46df7ab8b489d4a3238defd7975ad02f114eb3f72fedadeb6fde7cbe0
5f50b7e2dd83cfd38b606d2eb70bcb99dd4d4c462295db0baecaeabe7812e8f7
60631ed8f1dfa6713ff9e30fec41786aadc477c0cac5a75dca66b5a49f76b901
61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63cff890e621a5082c7f3f4b29efc9d623227bee235bda3884d058013ec6aba7
643e504c5417068283c7ba2a2e348b0f6c12da9e7b328470424453466d69efa1
67e380395b14a5ac48faabd1838b4e6fd75b01682364f987dc8948975838837c
6a51a6d6bd79870b6abd5772686659f2b8ecd22cdb0a6ceda0e87295ac284414
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
6c54a59e40672f3e9158d83ce46b4546b4773cf9057289a077deafde1549fa2b
6ca4a11275a23a206f19f1198085c7e4f7aab8e1e548142e0139075db8e4bd08
6e0a2f221a71508514882c826bc2499c58d93e09cbe50dfb85bc1b79822f367e
706e4d8669d29a9e13cfb13a59b6c1341ec80a08c9c10eaa465756366006f327
70ec6a6ab4007e089563aee255a80eeb2ac349a4821e1a5bb216b1099c3dde3e
71a9929c39f7b0020a343a7cd3685ae547fba1f21596f7982ed2c1ded802be03
723e03424d188ef9a3eb0f421e4727535cbb8d4fb33ddc0e445e1d5251305d30
729f587a1a4059745b0a4a20223ad378acfae8953a39209bb47fca09fb86fd80
76e0c53e6627c3cc0846a14e7c40f8d5d550ae674df4358cb7b728a5d4e6de07
794a3f88df27cdece064dcaa4ce73387648f766d52210b1b20cf2f50e974b8ff
7c75a31e3f6d090c275a06c437a95f40b8466660ba22a76fa7baf5d0a8c5e667
7d5bf3f8dc9d9dcd608393de3bd8afbeedd5077039b595aaba4529064dbcbe89
7d9b7ee9ae860b2f27e08578dacc166269ab838417994fb62c568ff40245b5a3
7e423a106197def7cbfe1ae2142caf48a39478ddfd3e4e81b7cb033db5bea3c1
7f148a333a7585ab1391cceb303d946f5bf1b38ba6bb8eae863125ccde728bb3
7f295fdb1019a3c2ff2479582f5eda1915c67e8d8634f8b089920f86b6cc4fb7
809ec973a018b6bf8ac18e74bfffc3d25182e6f44df00128d531cf3e07570ee6
83f4310b581cb23f811260ce6268d6294cc7322f8ac4cd9ba59aef0b136a43b2
84a0cc2980f8f000ab8190daf3e806d0d8882c22df0f51b69debf18273b6f97d
89346777ce7c6f26210392c9b07bc408233e16fefe02d4402a10dddc2e074555
8c09f40aa9ac3105f86ea363d58ad2a81f5d5741b810786a1a6291e7dd9d43ad
8cfdb39bb3eb13db74321ecda02848dfe1ac333ddf2d4fde72459c7860fc808b
8e59456a560f58d0b6b7934bfc06e0b2faee5d61e2bdb10eef541dd66bfebe0d
8e8230f2d1e6e230d63f5bd3091ea092eb8d1f447b5f6c84c5b776cf4f50a65d
8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef
8f9a67517ecfcb0be94790de37e8716ba1234d0d1588cd5032267d3dc3570ca7
91bbc128851e65442a70a7e12e55068d75d7e9b0514c5c9cb7c15fe770cf8899
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
989934f975edb65dc96fce979cc86bf8d5a9453e6113df99622609381ce175d5
98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7
99aadcfc09927c669749552a47be55e884f5d3444a900bafedc7de6f4a5afe03
9a3d1f5824ad4bd991a67acab64088920e43d25545ca6b4cb78736dc35b696a3
9d7c24cb3877d3352b2f3f29ad6e2aee0418556546acaf0dd5c9bcda16f55e0c
9e46703792f70be4c48661281c43ae7bc4e87cf7301e701fcdf3ecd813633ed3
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2
9f84d0f2e23ebc9a3110529d50b9f83e99068e754b20c81ff8fcf7f078503aa0
a018ab767f279fb68391322c42eacc40517f6a8daa29fedeb4e6b44848917a92
a250d2cc281f6b1f166857726fe5f7cd11dd1f179817da3f3a3353f0771a8f54
a359b0899d6b0f2a149f19bcab1eb81aacb9b4751dba27692c18200b2f6ce0d4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
a7c860a1505343bc4dc80a473bfe23f625da447d71af4db67b529065295d5171
a83f279ffab2866365df78e9244339e46d7752b13e43db75ca5200f9a0ec07e3
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
ad59b3c437a380375b4205e22d9bf50856690b094d2fa425ae90971f5b58758e
af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff
afa9c32be463f8f904da58a52ffdd8e60d68273959cae633bd89efbb27fa5b64
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b004e49e537f9b6400d427726636957e8179800c037aa39061308707a7bb49f1
b0096241d1705380fee10a013af1e0dc924066551fef883ec96b0b7503c81ad2
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
b6d72de748c7db479eee5c19ea8419349bd37edcbfe5572b307b3661835a9251
b749080eccbba106c6b963a2a605a8f07f24d53d0fff888668a26347ef79e0a3
b7c91227ed1cf1d83d32996e4e61a4f77dbdbbc9920a3a29f5ab522d237c74b7
b8dbf228fd3b96810997d6d3e8b9e55e4b183cf9e3c8abe9407fcf1ad58a6979
b9c358163c9330587ecaf732269ef24fb4198cbb2e010b61e7eb8d2a3b3d94e6
bb8ce4edaacacd0675a48e4a1095fbf17542b19e9fcec1a656746eee6d1dd581
bbf94e5438333ae008e9b742cf1dd74dd310f7385ebe6f9ef4fdc82976de34a6
bf8b01a15285873abfae001dc9804d07312ad4cbb565784ec31dd82c71d1f94c
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c54ab568b73e88af409e7615e9c6730d701234ebe9d64b131a08fccb0bef3deb
c6a6ecd56ebd86c4bf8099f38d4acebb360dce6b8ed3b8beebf34e9845510033
c997cfdcf118917154abb4bbc13f3bf1d7a654bcf6834617f642b724c52b2095
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb6d935c5494a7d6121e463f319ac4882f805d38989d6dac70ec84a29a203d2e
cc029ab3e2b370db593520f586a7284f14f0ca6c027228a41db3ca3b2e4e3f52
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf01342c724e6c0d84e911d3451b078576a3208c7300378ef80138089e6d79e9
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0b1517dc148ec4fdcceacae881103ffa7e54e74c32c7dcde5cdc9826ea735de
d23fd6a13b657ba55789f4a8b098f72d86e253917a83af15a2e4e6ed23a9e5c9
d333c3cbe4bbd75337075043c290bcb26aa01508132b9ea508d43b763483979f
d52495b18649afcb88c1d0c6081dbcb847c9fe0313fbb44984c8f52635f11070
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
da343c70bf28bee6a1a9238dd5147b190b675a523e525e9a52b2bd9aaf48e4e1
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
dbf7c9bddb9ee180560fa0a36e9d0713aeb6357dd8f79ee9ab31bb9246655136
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc2bc3efbc8b25992c66e354e3e34ccbf643942699473a4b16cf63f9e0241598
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
dd6ecb2de64d9421f1cb5aeb28b25f287199206649273449573bc73a20b413f2
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e2f925db6119917230e885b016055a6a324d33b10585d5c7f106665ec157754e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca
e4cc94b363c56c58b41c39282ca5728110a71e97c1eb51d03a8b6c98536d5727
e504e9f649813734dd00f332c49ad8a7b96929b4ee751f8b69c87599c98d23dc
e71d11284fe33d09fe11d031d1517b0383750bc5dba2faf77e87f42a609a1b68
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
eb6220b8e967cb61b96456c1a57c4ac0b012058161c54f1a71103cfb53811d51
ebd21fd785e33300ae6571194031810c2e87373fb139b681888b2423d78a562b
ec99dd07af5b4a5e3b072e941d355bdbfa1db688555cd4100ab61caa2b0bc25d
ecbc91caef45d6527347392a7e67754c5e7e3cf8c99395bf0d387fb1fe4dc8c0
ee5d15d9b1f5bfa5869678f288b9e829239f719ec5cb4ff8345979eb9001870c
f02c04333073962e773be1b3e14a616eb1331ea5a13fd4d8b2fb314e5f3b9684
f1ad56a192cfb796852af711e1326b02a9af338326a60fe291ca65fe8763ddda
f2914edb33157588c8d440c36f1ea06652c133febd1719a344d79d078ec6c41a
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f440f457a683e6429e2915673843aaed6837e8691dd1a6e6140bedc848cd8847
f465619733ebd6fc099bcd00e2095dc29e6d6c2bce6ba849860eee51cbc2f84f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7b4f4c6aced0be2cc9004285b53f58cf62f74012a321e86938f12719fe1113a
f7cea32499cc55e5232ec287c438644afef28297f4248958ee32906dd34ae5f8
f8893360b5c3e56770f4def203e5802050cf300e3f59976457fd548a7b5c07e9
f9b751c1cd0d2b0f91862db987fed9dda48758b15e6f42ca67796b45f4b21702
fa433b899311f6fcb718687df51be730a5a7a3c6ce4dc2474ff26a383307b2ca
fb4bd4419d686ab440d7ceb2101dcd4155b4f18a12c99052a44fb503c349afed
fbac39d3d3370e9ea0816fd757737e3d0ea6d4c30a4dbc61df4b89f38a64dee5

www.securityweek.com Open in urlscan Pro 2606:4700:20::6818:a003 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

193 Requests

100 %HTTPS

88 %IPv6

19 Domains

30 Subdomains

26 IPs

2 Countries

3517 kBTransfer

7381 kBSize

18 Cookies

23 Outgoing links

Redirected requests

193 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.securityweek.com Open in urlscan Pro
2606:4700:20::6818:a003 Public Scan

Screenshot
Live screenshot

Full Image

193
Requests

100 %
HTTPS

88 %
IPv6

19
Domains

30
Subdomains

26
IPs

2
Countries

3517 kB
Transfer

7381 kB
Size

18
Cookies

193 HTTP transactions
0 data transactions