duo.com Open in urlscan Pro
13.32.27.69 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Submission: On February 14 via api (February 14th 2023, 8:41:34 pm UTC) from US — Scanned from DE

Summary HTTP 99 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 43 IPs in 7 countries across 31 domains to perform 99 HTTP transactions. The main IP is 13.32.27.69, located in United States and belongs to AMAZON-02, US. The main domain is duo.com. The Cisco Umbrella rank of the primary domain is 56544.
TLS certificate: Issued by Amazon on September 22nd 2022. Valid for: a year.

This is the only time duo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	13.32.27.69 13.32.27.69	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
2	2a02:26f0:350... 2a02:26f0:3500:893::b33	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	23.62.220.254 23.62.220.254	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	3.248.138.237 3.248.138.237	16509 (AMAZON-02) (AMAZON-02)
1	72.163.10.10 72.163.10.10	109 (CISCOSYSTEMS) (CISCOSYSTEMS)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
5	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.224.189.20 13.224.189.20	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	104.87.143.22 104.87.143.22	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
11	104.80.240.231 104.80.240.231	16625 (AKAMAI-AS) (AKAMAI-AS)
1	205.185.216.10 205.185.216.10	20446 (STACKPATH...) (STACKPATH-CDN)
3	35.190.114.154 35.190.114.154	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:806::2003	15169 (GOOGLE) (GOOGLE)
4	2600:9000:20e... 2600:9000:20eb:e400:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:20e... 2600:9000:20eb:ee00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:ce00:1b:ed91:4680:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400d:807::2004	15169 (GOOGLE) (GOOGLE)
1	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:11a... 2a02:26f0:11a:3a2::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	199.15.214.243 199.15.214.243	15224 (OMNITURE) (OMNITURE)
1	35.165.34.47 35.165.34.47	16509 (AMAZON-02) (AMAZON-02)
2	44.205.143.132 44.205.143.132	14618 (AMAZON-AES) (AMAZON-AES)
2	52.209.87.5 52.209.87.5	16509 (AMAZON-02) (AMAZON-02)
1	34.240.171.169 34.240.171.169	16509 (AMAZON-02) (AMAZON-02)
2	15.236.117.205 15.236.117.205	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	34.75.172.129 34.75.172.129	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.233.52.229 3.233.52.229	14618 (AMAZON-AES) (AMAZON-AES)
2 2	142.251.39.34 142.251.39.34	15169 (GOOGLE) (GOOGLE)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	34.232.106.26 34.232.106.26	14618 (AMAZON-AES) (AMAZON-AES)
1	34.255.170.214 34.255.170.214	16509 (AMAZON-02) (AMAZON-02)
99	43

11 13.32.27.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-69.fra56.r.cloudfront.net

duo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:893::b33 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.62.220.254 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-62-220-254.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.248.138.237 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-138-237.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.163.10.10 (United States)

ASN109 (CISCOSYSTEMS, US)
PTR: cisco-tags.cisco.com

cisco-tags.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-20.fra2.r.cloudfront.net

t.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.87.143.22 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-87-143-22.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:ef75:8280:f209:5ba1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.80.240.231 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-80-240-231.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

metadata-static-files.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.114.154 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 154.114.190.35.bc.googleusercontent.com

sfc.leadspace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:806::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20eb:e400:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:ee00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:ce00:1b:ed91:4680:93a1 (United States)

ASN16509 (AMAZON-02, US)

csxd.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:807::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.52 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a:3a2::1c91 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.15.214.243 (United States)

ASN15224 (OMNITURE, US)

074-uqx-410.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.165.34.47 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-165-34-47.us-west-2.compute.amazonaws.com

gw.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.205.143.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-205-143-132.compute-1.amazonaws.com

q-aus1.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.209.87.5 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-87-5.eu-west-1.compute.amazonaws.com

c.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.240.171.169 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-171-169.eu-west-1.compute.amazonaws.com

cisco.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.117.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

smetrics.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.75.172.129 (North Charleston, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 129.172.75.34.bc.googleusercontent.com

sfgw.leadspace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.233.52.229 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-52-229.compute-1.amazonaws.com

k-aus1.contentsquare.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.39.34 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s38-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.232.106.26 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-106-26.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.170.214 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-170-214.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 7634 c.6sc.co — Cisco Umbrella Rank: 11607 ipv6.6sc.co — Cisco Umbrella Rank: 8425 b.6sc.co — Cisco Umbrella Rank: 5390	15 KB
11	duo.com duo.com — Cisco Umbrella Rank: 56544	573 KB
7	contentsquare.net t.contentsquare.net — Cisco Umbrella Rank: 3545 csxd.contentsquare.net — Cisco Umbrella Rank: 13637 q-aus1.contentsquare.net — Cisco Umbrella Rank: 9216 c.contentsquare.net — Cisco Umbrella Rank: 3867 k-aus1.contentsquare.net — Cisco Umbrella Rank: 9074	91 KB
5	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 417 www.linkedin.com — Cisco Umbrella Rank: 572 px4.ads.linkedin.com — Cisco Umbrella Rank: 6267	3 KB
5	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1005 gw.linkedin.oribi.io — Cisco Umbrella Rank: 17130	25 KB
5	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 95 cm.g.doubleclick.net — Cisco Umbrella Rank: 224	1 KB
5	leadspace.com sfc.leadspace.com — Cisco Umbrella Rank: 94136 sfgw.leadspace.com — Cisco Umbrella Rank: 93524	250 KB
5	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 215 cisco.demdex.net — Cisco Umbrella Rank: 22120	7 KB
5	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1102	94 KB
5	cisco.com www.cisco.com — Cisco Umbrella Rank: 1254 cisco-tags.cisco.com — Cisco Umbrella Rank: 31988 smetrics.cisco.com — Cisco Umbrella Rank: 41807	64 KB
4	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 8862	64 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 41	64 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5268	622 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4098 www.google.com — Cisco Umbrella Rank: 2	763 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 412	12 KB
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 1525 beacon.krxd.net — Cisco Umbrella Rank: 604	529 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	251 B
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1114 pixel.quantserve.com — Cisco Umbrella Rank: 716	10 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3837	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 158	136 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 66	173 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 345 fonts.googleapis.com — Cisco Umbrella Rank: 54	89 KB
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 1013	674 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 644	395 B
1	mktoresp.com 074-uqx-410.mktoresp.com — Cisco Umbrella Rank: 233475	121 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 428	810 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1043	1 KB
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 13955	203 B
1	digitaloceanspaces.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 45136	6 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 834	5 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 756	5 KB
99	31

	Domain	Requested by
11	duo.com	duo.com
9	b.6sc.co
5	tags.tiqcdn.com	www.cisco.com tags.tiqcdn.com
4	cdn.linkedin.oribi.io	snap.licdn.com
4	cdn.bizible.com	www.googletagmanager.com cdn.bizible.com
4	www.google-analytics.com	www.googletagmanager.com cdn.bizible.com
4	dpm.demdex.net	1 redirects
3	px.ads.linkedin.com	2 redirects
3	www.google.de
3	stats.g.doubleclick.net	www.googletagmanager.com cdn.bizible.com
3	sfc.leadspace.com	www.googletagmanager.com sfc.leadspace.com
3	bat.bing.com	duo.com bat.bing.com
2	cm.g.doubleclick.net	2 redirects
2	sfgw.leadspace.com	cdn.bizible.com
2	smetrics.cisco.com	cdn.bizible.com tags.tiqcdn.com
2	c.contentsquare.net
2	q-aus1.contentsquare.net	t.contentsquare.net
2	www.facebook.com
2	www.google.com
2	munchkin.marketo.net	duo.com munchkin.marketo.net
2	connect.facebook.net	duo.com connect.facebook.net
2	www.googletagmanager.com	tags.tiqcdn.com www.googletagmanager.com
2	www.cisco.com	duo.com www.googletagmanager.com
1	beacon.krxd.net
1	usermatch.krxd.net	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	analytics.twitter.com
1	k-aus1.contentsquare.net	t.contentsquare.net
1	fonts.googleapis.com	client
1	cisco.demdex.net	tags.tiqcdn.com
1	gw.linkedin.oribi.io	cdn.bizible.com
1	074-uqx-410.mktoresp.com	munchkin.marketo.net
1	pixel.quantserve.com
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	secure.adnxs.com	cdn.bizible.com
1	csxd.contentsquare.net	t.contentsquare.net
1	rules.quantcount.com	secure.quantserve.com
1	cdn.bizibly.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	region1.analytics.google.com	www.googletagmanager.com
1	metadata-static-files.sfo2.cdn.digitaloceanspaces.com	duo.com
1	j.6sc.co	duo.com
1	secure.quantserve.com	duo.com
1	t.contentsquare.net	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	cisco-tags.cisco.com
1	code.jquery.com	duo.com
1	ajax.googleapis.com	duo.com
99	50

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com
my.goanywhere.com

Subject Issuer	Validity	Valid
www.duosecurity.com Amazon	`2022-09-22` - `2023-10-21`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
www.cisco.com HydrantID Server CA O1	`2022-11-09` - `2023-11-09`	a year	crt.sh
*.tiqcdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-12` - `2024-01-14`	a year	crt.sh
tagapp-prd-01.cisco.com HydrantID Server CA O1	`2022-07-08` - `2023-07-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-07-31`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
t.contentsquare.net Amazon	`2022-10-13` - `2023-11-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-24` - `2023-02-22`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-18` - `2023-05-03`	a year	crt.sh
*.leadspace.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-20` - `2023-10-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
quantserve.com R3	`2023-02-13` - `2023-05-14`	3 months	crt.sh
csxd-02.contentsquare.net Amazon RSA 2048 M01	`2022-11-09` - `2023-12-08`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-01-05` - `2023-07-05`	6 months	crt.sh
q.bf.contentsquare.net Amazon RSA 2048 M01	`2023-01-25` - `2024-02-23`	a year	crt.sh
kep-web.ba.contentsquare.net Amazon RSA 2048 M02	`2022-11-16` - `2023-12-15`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
smetrics.cisco.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-09` - `2023-04-09`	a year	crt.sh
kep-malka.bf.contentsquare.net Amazon	`2022-08-25` - `2023-09-23`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Frame ID: BE83B4C8D85DF66BFF9A984CEFB1B0CD
Requests: 88 HTTP requests in this frame

Frame: https://csxd.contentsquare.net/uxa/xdframe-single-domain-1.1.1.html?pid=5637
Frame ID: E89E6EF2E81978458E8F878D501138E0
Requests: 1 HTTP requests in this frame

Frame: https://q-aus1.contentsquare.net/quota?ct=0
Frame ID: 9CC57A51458DA2089363FEF7F942F52C
Requests: 2 HTTP requests in this frame

Frame: https://cisco.demdex.net/dest5.html?d_nsid=0
Frame ID: 58CCF7E93424A7D5C6DDA85501AFFA7A
Requests: 5 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 3F18A990703AC8E4DC2828661E9FBBFB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fortra Patches Actively Exploited Zero Day in GoAnywhere MFT | Decipher

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

99
Requests

93 %
HTTPS

44 %
IPv6

31
Domains

50
Subdomains

43
IPs

7
Countries

1695 kB
Transfer

4514 kB
Size

53
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/deciphersec

Search URL Search Domain Scan URL

URL: https://www.facebook.com/decipherbyduo

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCszm81zKIPoF4ljkBJwmB2g/

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://decipher.sc/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft&hashtags=decipher%2Cdeciphersec&text=Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=2090208394329663&display=popup&href=https://decipher.sc/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft&redirect_uri=https://decipher.sc/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://decipher.sc/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft&title=Decipher%3A%20Fortra+Patches+Actively+Exploited+Zero+Day+in+GoAnywhere+MFT&summary=Fortra+has+released+version+7.12+of+its+GoAnywhere+mFT+file+transfer+tool+to+fix+a+zero+day+that+has+been+under+active+attack.&source=Decipher

Search URL Search Domain Scan URL

URL: https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
Title: advisory

Search URL Search Domain Scan URL

URL: https://my.goanywhere.com/webclient/Login.xhtml
Title: notification

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1676407286245 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1676407286245

Request Chain 40

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1676407286563%26url%3Dhttps%253A%252F%252Fduo.com%252Fdecipher%252Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&liSync=true&e_ipv6=AQJIWFFvrdzwIgAAAYZRqS05_tPcABbskqAJZjZMPfcj87Cl_Waf0bceIa36tc1sFXWvpJrgekDJjequ_f_dZsAQwxethw

Request Chain 87

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDQ1ODczMDI3NTg0NzM1OTY1MjE0MTYzMzY3NTA1MjA0NDY3OTk= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDQ1ODczMDI3NTg0NzM1OTY1MjE0MTYzMzY3NTA1MjA0NDY3OTk=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEC1h1hNX-RgreO9oxtm3JI0&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 89

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=04587302758473596521416336750520446799&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-sAoy8dlE2pFaChSSwmETtLRECR2GzNI9guc-~A

Request Chain 90

https://usermatch.krxd.net/um/v2?partner=adobe&id=04587302758473596521416336750520446799 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04587302758473596521416336750520446799

99 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request fortra-patches-actively-exploited-zero-day-in-goanywhere-mft Show response
duo.com/decipher/ 27 KB
11 KB 592ms
484ms Document
text/html 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

bc0a3936137ce5014955202161eebf2311e43cba122a55322a873171c999c1d2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=300
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 20:41:24 GMT
etag: W/"63ebef60-6adf"
expires: Tue, 14 Feb 2023 20:46:24 GMT
last-modified: Tue, 14 Feb 2023 20:30:24 GMT
referrer-policy: no-referrer-when-downgrade
server: Duo/1.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-id: _xsuIvrOnht6mSu9e19dltX2zYdsXPGY84r68XocTakhEXNmfhWU4w==
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-ua-compatible: IE=Edge,chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 production-2021.css
duo.com/css/ 510 KB
98 KB 189ms
188ms Stylesheet
text/css 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/css/production-2021.css?v=1675708213

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

c85ea3de4dbf74f0a5d185421d25c67c38f5225f7761a09fce4f0f4ad515e3ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Feb 2023 20:41:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 06 Feb 2023 18:30:13 GMT
server: Duo/1.0
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: W/"63e14735-7f833"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-id: XkIsTM_Pae_-ge_STToxvmZN5hg229HF7sTgTVbh43BgOsAlY_72mg==
expires: Wed, 14 Feb 2024 20:41:24 GMT

GET
H2 200 d-logo--dark.svg
duo.com/assets/img/decipher/logos/ 4 KB
2 KB 182ms
182ms Image
image/svg+xml 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://duo.com/assets/img/decipher/logos/d-logo--dark.svg

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

431a961732e7d25ade3585946346fb7851946a1d8f4f4270b0b988914ba01520

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Feb 2023 20:41:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
last-modified: Tue, 12 Apr 2022 20:00:42 GMT
server: Duo/1.0
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: W/"6255da6a-ff5"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-id: pao1BRqEwJaUi5d1XbG-wmLozg1XZSMm6TrncZXgJmLJUfOuVFG7IA==
expires: Wed, 14 Feb 2024 20:41:24 GMT

GET
H2 200 aW1nL3Nlby1pbWFnZXMvZGltYS1wZWNodXJpbi0xNDQzMTUwLWRvb3IuanBn
duo.com/img/asset/ 58 KB
59 KB 936ms
935ms Image
image/jpeg 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://duo.com/img/asset/aW1nL3Nlby1pbWFnZXMvZGltYS1wZWNodXJpbi0xNDQzMTUwLWRvb3IuanBn?w=1000&h=470&fit=crop&s=8e6407b0e54a794ccc6b7865872b6d14

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

4f324b4d5038babc476c7adafacd7fa44544b3679cdef4ae5e448535b446f048

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
content-length: 59302
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 14 Feb 2023 20:41:25 GMT
server: Duo/1.0
content-type: image/jpeg
cache-control: max-age=300
permissions-policy: interest-cohort=()
x-amz-cf-id: UgCKt9wLBqVKtaLQY5NuX7sFA5BhFK3_gThUesvKI89luwugDpgwaQ==
expires: Tue, 14 Feb 2023 20:46:25 GMT

GET
H2 200 d-logo--footer.svg
duo.com/assets/img/decipher/logos/ 3 KB
2 KB 475ms
474ms Image
image/svg+xml 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://duo.com/assets/img/decipher/logos/d-logo--footer.svg

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

c33592c7a249c98164b3d533c58fae62ced2b403deab8f2d0cce4c4f1cbb285d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Feb 2023 20:41:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
last-modified: Tue, 12 Apr 2022 20:00:42 GMT
server: Duo/1.0
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: W/"6255da6a-b5f"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-id: aHQ6IYSI_0Ut2ahebLdCf7cayri7_XFslhiSsLMO0HbSp0zLI6Kiww==
expires: Wed, 14 Feb 2024 20:41:25 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.1/ 88 KB
88 KB 67ms
21ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 10:21:56 GMT
x-content-type-options: nosniff
age: 123568
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89664
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 18:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Feb 2024 10:21:56 GMT

GET
H2 200 jquery-migrate-3.4.0.min.js Show response
code.jquery.com/ 13 KB
5 KB 87ms
23ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.4.0.min.js
Requested by: Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:24 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
server: nginx
etag: W/"62f659d6-3470"
vary: Accept-Encoding
x-hw: 1676407284.dop162.fr8.t,1676407284.cds135.fr8.hn,1676407284.cds291.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 4792

GET
H2 200 production-2021.min.js Show response
duo.com/js/build/ 753 KB
268 KB 640ms
639ms Script
application/javascript 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/js/build/production-2021.min.js?v=1667839214

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

fc8df0de40643645e0982d1ac6f5dc3cfcd4a17966ae4e3657771ad7ea75767c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Feb 2023 20:41:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 07 Nov 2022 16:40:14 GMT
server: Duo/1.0
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: W/"636934ee-bc566"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-id: mFEQn0XqiUyOJIv6JVyWtyrrl1KQ3uxhrAIgg2OIwBimLiwOJ95g7A==
expires: Wed, 14 Feb 2024 20:41:25 GMT

GET
H2 200 ctm.js Show response
www.cisco.com/c/dam/cdc/t/ 133 KB
31 KB 365ms
26ms Script
application/x-javascript 2a02:26f0:3500:893::b33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisco.com/c/dam/cdc/t/ctm.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:893::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

d0fd8df76a3a6c3e75b447717c0b88fecd4b657507b8f03097f6e6804ed1b3e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .cisco.com .jasper.com .ciscospark.com .ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com .webex.com .cdw.com .cdwg.com .cdw.ca .meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com .itquotes.ie dteonline.com ampito-cisco.com arkphire.com .insight.com .ccsmedia.com .ebuyer.com .lambda-tek.com .storm-technologies.com .vohkus.com .bechtle.com .rainfocus.com .broadbandbuyer.com .hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be;
strict-transport-security: max-age=31536000
x-test-debug: nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1
x-xss-protection: 1; mode=block
content-length: 30803
pragma: no-cache
cdchost: wemxweb-publish-prod1-01
server: Apache
etag: "2136a-5f3cdeff7b773-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Tue, 14 Feb 2023 20:41:25 GMT

GET
H2 200 din1451alt-webfont.woff2
duo.com/fonts/din1451alt/ 17 KB
18 KB 643ms
642ms Font
application/octet-stream 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/fonts/din1451alt/din1451alt-webfont.woff2

Requested by

Host: duo.com
URL: https://duo.com/css/production-2021.css?v=1675708213

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

e9f76eabead93f85fc4dc190dca4b1419dcd76b57b1c22649856b01d3ac2536e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/css/production-2021.css?v=1675708213
Origin: https://duo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
content-length: 17424
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Apr 2022 20:01:08 GMT
server: Duo/1.0
etag: "6255da84-4410"
content-type: application/octet-stream
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: v_HVo3LT9IgjXd5FEDtok8x5YorjvgvTt14IBhY1QrneJeNI66iV2Q==
expires: Tue, 14 Feb 2023 20:46:25 GMT

GET
H2 200 din1451alt_g-webfont.woff2
duo.com/fonts/din1451alt/ 22 KB
23 KB 631ms
631ms Font
application/octet-stream 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/fonts/din1451alt/din1451alt_g-webfont.woff2

Requested by

Host: duo.com
URL: https://duo.com/css/production-2021.css?v=1675708213

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

ede067783c02098828dfe0bda385a9913ff79006eb2cd1a406bcc18e66cd7bad

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/css/production-2021.css?v=1675708213
Origin: https://duo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
content-length: 22668
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Apr 2022 20:01:08 GMT
server: Duo/1.0
etag: "6255da84-588c"
content-type: application/octet-stream
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: fPXLAvWBfqhe4ZLheX9Y6jWgsIbBtQGE4rNiTwfBM_TSArPgs83J4Q==
expires: Tue, 14 Feb 2023 20:46:25 GMT

GET
H2 200 diamond.svg
duo.com/assets/img/decipher/svg/ 187 B
667 B 180ms
180ms Image
image/svg+xml 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://duo.com/assets/img/decipher/svg/diamond.svg

Requested by

Host: duo.com
URL: https://duo.com/css/production-2021.css?v=1675708213

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

45f9c9efb71fae4c333607520017c544fb9dc13100dd260f6148eb179b919d68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/css/production-2021.css?v=1675708213
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Feb 2023 20:41:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
last-modified: Tue, 12 Apr 2022 20:00:42 GMT
server: Duo/1.0
x-amz-cf-pop: FRA56-C2
etag: "6255da6a-bb"
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
accept-ranges: bytes
content-length: 187
x-amz-cf-id: I0RjxquWb77IJg-HLS6it1z8Z7uo8QP_13EC3vA9VgPgDWAnUQewgg==
expires: Wed, 14 Feb 2024 20:41:25 GMT

GET
H2 200 icon-sprite.20210112.svg Show response
duo.com/fonts/ 240 KB
81 KB 180ms
179ms XHR
image/svg+xml 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://duo.com/fonts/icon-sprite.20210112.svg

Requested by

Host: duo.com
URL: https://duo.com/js/build/production-2021.min.js?v=1667839214

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

Duo/1.0 /

Resource Hash

d9218d98cd999ad151e3b5ff5e2d7021b93f1c806c49ffc1f60a3f476d64747e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: public
date: Tue, 14 Feb 2023 20:41:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
last-modified: Tue, 12 Apr 2022 20:01:08 GMT
server: Duo/1.0
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
etag: W/"6255da84-3c031"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000
x-amz-cf-id: 0jD3ul7EUiQbKqAhP_aop3PwM00w-PJiPgx9aUTuEcxFnglpZVsidQ==
expires: Wed, 14 Feb 2024 20:41:25 GMT

GET
H2 404 data.json Show response
duo.com/public/json-bodymovin/d-logo-dark/ 48 KB
11 KB 182ms
182ms XHR
text/html 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://duo.com/public/json-bodymovin/d-logo-dark/data.json
Requested by: Host: duo.com
URL: https://duo.com/js/build/production-2021.min.js?v=1667839214
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-69.fra56.r.cloudfront.net
Software: Duo/1.0 /
Resource Hash: 7f497734a8fdb8dcde8393ff758ff7d2a7d2cc3d987e6f8e20ca600e89964f26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
server: Duo/1.0
x-amz-cf-pop: FRA56-C2
etag: W/"63a07ee0-c1c9"
vary: Accept-Encoding
x-cache: Error from cloudfront
content-type: text/html; charset=utf-8
x-amz-cf-id: CTKm3aInQefoIe52odVsRFRKOQxrth0HOQ7OxqJMTAq6e000vwLKCg==

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 221 KB
60 KB 158ms
59ms Script
application/x-javascript 23.62.220.254
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Requested by: Host: www.cisco.com
URL: https://www.cisco.com/c/dam/cdc/t/ctm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.220.254 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-220-254.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: aa26849a271390b7438d49707eccee0cdb2ab86807a1c7a887ebfa2b610adc2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 17:18:20 GMT
server: AkamaiNetStorage
etag: "ff31716fea3a5a6dc2b93fffed5041eb:1675358300.429843"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Tue, 14 Feb 2023 20:46:26 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1676407286245
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1676407286245

973 B
1 KB

117ms
117ms

XHR
application/json

3.248.138.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1676407286245

Protocol

HTTP/1.1

Server

3.248.138.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-138-237.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bd8bf3cda6279206a853066016a0dfeb42fd8088b952c866a060b8ce450f0955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v046-0d6696b06.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: xgO4Cd86Rv8=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://duo.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 530
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v046-00542c3f7.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: sXXLa+VzTK4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://duo.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1676407286245
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 utag.5.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 73 KB
26 KB 37ms
37ms Script
application/x-javascript 23.62.220.254
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.46.202302021717
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.220.254 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-220-254.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 51a86ab2dbf5812030373f1cd8f877d684cc7a1344219114d31407a68c9d63eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
last-modified: Fri, 17 Jun 2022 14:14:47 GMT
server: AkamaiNetStorage
etag: "e34a251e0ddbb1327acf87266727b12c:1655475287.087442"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 26089
expires: Wed, 01 Mar 2023 20:41:26 GMT

GET
H2 200 utag.52.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 19 KB
7 KB 34ms
34ms Script
application/x-javascript 23.62.220.254
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.52.js?utv=ut4.46.202302021717
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.220.254 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-220-254.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: af4ce84d6905c9b51263f61ff822273e5e49cbdf94df508c4b51a18f32d3ddd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 17:18:20 GMT
server: AkamaiNetStorage
etag: "23e6825f7fc2e1516e5b99576f1751ed:1675358300.260496"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 6881
expires: Wed, 01 Mar 2023 20:41:26 GMT

GET
H2 200 utag.28.js Show response
tags.tiqcdn.com/utag/cisco/duo/prod/ 2 KB
1 KB 36ms
36ms Script
application/x-javascript 23.62.220.254
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.28.js?utv=ut4.46.202106171628
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.220.254 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-220-254.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c72062a60866c674a25f2a5b5d8344e9509c7381a6472f2a484325ac14597ee8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
last-modified: Thu, 17 Jun 2021 16:28:49 GMT
server: AkamaiNetStorage
etag: "097dc543fb3caec1bac670f2bd520652:1623947329.572906"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 999
expires: Wed, 01 Mar 2023 20:41:26 GMT

GET
H/1.1 200
OK ntpagetag.gif
cisco-tags.cisco.com/tag/ 85 B
598 B 925ms
159ms Image
image/gif 72.163.10.10
CISCOSYSTEMS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cisco-tags.cisco.com/tag/ntpagetag.gif?js=1&ts=1676407286291.826&lc=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&rs=1600x1200&cd=24&ln=en&tz=GMT&jv=0&ck=UnicaNIODID%3Dundefined&utag_main_v_id=018651a929ce001898f7acebcf2b03073005506b00b08&meta.viewport=width%3Ddevice-width%2C%20initial-scale%3D1.0%2C%20user-scalable%3Dyes&title=fortra%20patches%20actively%20exploited%20zero%20day%20in%20goanywhere%20mft%20%7C%20decipher&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&tag=ut4.46.202302021718&entitlement=undefined&locale=en-us&meta.country=us&meta.locale=us&breakpoint=unavailable&content_type=no%20contenttype&linktrack=linkpage&loc=http%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&cookie_length=0&meta.iapath=no%20iapath&hier1=no%20iapath&meta.wm_reporting_category=no%20iapath&sa_source=meta.iapath&t_profile=cisco.duo&t_load=ctm&suite=cisco-complete&returnVisit=false&cookies=true&localstorage=true&dnt=false&conversion=event1&adobeVersions=AppMeasurement%3Dna%2CVisitorJS%3Dna%2CMbox%3Dna&meta.msapplication-tilecolor=%23000000&meta.msapplication-config=%2Fassets%2Fimg%2Fdecipher%2Ffavicons%2Fbrowserconfig.xml&meta.theme-color=%23ffffff&meta.robots=index%2Cfollow%2Carchive&meta.fb:app_id=2090208394329663&meta.og:site_name=decipher&meta.og:type=website&meta.og:url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&meta.twitter:card=summary_large_image&meta.twitter:site=%40deciphersec&meta.twitter:creator=%40deciphersec&meta.og:title=fortra%20patches%20actively%20exploited%20zero%20day%20in%20goanywhere%20mft&meta.twitter:title=fortra%20patches%20actively%20exploited%20zero%20day%20in%20goanywhere%20mft&meta.description=fortra%20has%20released%20version%207.12%20of%20its%20goanywhere%20mft%20file%20transfer%20tool%20to%20fix%20a%20zero%20day%20that%20has%20been%20under%20active%20attack.&meta.og:description=fortra%20has%20released%20version%207.12%20of%20its%20goanywhere%20mft%20file%20transfer%20tool%20to%20fix%20a%20zero%20day%20that%20has%20been%20under%20active%20attack.&meta.twitter:description=fortra%20has%20released%20version%207.12%20of%20its%20goanywhere%20mft%20file%20transfer%20tool%20to%20fix%20a%20zero%20day%20that%20has%20been%20under%20active%20attack.&meta.twitter:image=https%3A%2F%2Fduo.com%2Fassets%2Fimg%2Fseo-images%2Fdima-pechurin-1443150-door.jpg&meta.og:image=https%3A%2F%2Fduo.com%2Fassets%2Fimg%2Fseo-images%2Fdima-pechurin-1443150-door.jpg&meta.og:image:width=1200&meta.og:image:height=630&meta.bitly-verification=040b99f315c6&meta.google-site-verification=svd8ahbyylsc2wljqdzwij1d2tnu8-u3fbldciehxdu&meta.twitter:widgets:csp=on&meta.msvalidate.01=27fb624dbd3f07315a4bf69f5d649c68&ets=1676407286293.709

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

72.163.10.10 , United States, ASN109 (CISCOSYSTEMS, US),

Reverse DNS

cisco-tags.cisco.com

Software

Apache/2.4 /

Resource Hash

b96b64444f7d52c39b5716fe4d3e8d0433c67fb79731a4400188835d97b74bce

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 20:41:27 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src 'self'; object-src 'self'
Last-Modified: Fri, 12 Jun 2009 13:18:26 GMT
Server: Apache/2.4
ETag: "55"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=1000
Content-Length: 85
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 326 KB
96 KB 110ms
46ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

175a5685a8182716c7cc7c64e0da38f050b08d3fa7ddfa87056731adcbac733f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98284
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 18:22:47 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 14 Feb 2023 20:41:26 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
243 B 31ms
30ms Script
application/x-javascript 23.62.220.254
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=cisco/duo/202302021717&cb=1676407286301
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.220.254 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-220-254.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 22
expires: Tue, 14 Feb 2023 20:51:26 GMT

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 111 KB
44 KB 87ms
38ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-WV3KTWL

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c63e9febd93bec4f7ad13045fde9b201a5e90bd5d972f171ebb2c41a99d3dac7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44430
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 18:22:47 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 14 Feb 2023 20:41:26 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 83ms
18ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
last-modified: Fri, 10 Feb 2023 02:55:21 GMT
server: ECS (frb/67D4)
age: 76993
etag: "91acae1dfb3cd91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32316

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 67ms
20ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 18:54:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 6396
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 14 Feb 2023 20:54:50 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 82ms
21ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=50457
accept-ranges: bytes
content-length: 4777

GET
H2 200 ebdaa317731b0.js Show response
t.contentsquare.net/uxa/ 335 KB
89 KB 99ms
37ms Script
application/javascript 13.224.189.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-20.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3c7c9bf0f8b5507cc709136d8fdc87ecb7b95645eeee7722d48596e7a6017b2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 10:57:52 GMT
content-encoding: gzip
via: 1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 90094
last-modified: Fri, 10 Feb 2023 10:57:10 GMT
server: AmazonS3
etag: "1c82a17ee8a8a882ac219607b77e786b"
vary: Origin
content-type: application/javascript;charset=utf-8
cache-control: max-age=900
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 7OOtoOkGzAaFIUaPX-le0HufFIlyPdYfHppfeEhUGemAU_LDNVZPVw==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 69ms
20ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 14 Feb 2023 20:41:26 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: PWHSQYdKAMsoyLCTbm13Yjh0oDZuy0Swn6Uvofv6QvMLL/XnHQkavQ4JIcEVxxflCNkxW24NH/+P0k/VIUmmlg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK munchkin-beta.js Show response
munchkin.marketo.net/ 1 KB
1 KB 132ms
38ms Script
application/x-javascript 104.87.143.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin-beta.js
Requested by: Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.87.143.22 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-87-143-22.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: aaf173c00687da3d4328c0a1593d764175af1cb6708fa79ca5febcdc5f7de161

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 20:41:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Feb 2023 02:35:29 GMT
Server: AkamaiNetStorage
ETag: "7ea9bdc17bda32d919638e9e573666e3:1675391729.535053"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 116ms
46ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 14 Feb 2023 20:41:25 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3F27E98C111940BBAC0A65B5843B9713 Ref B: FRA31EDGE0814 Ref C: 2023-02-14T20:41:26Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11552

GET
H2 200 aquant.js Show response
secure.quantserve.com/ 25 KB
10 KB 88ms
21ms Script
application/javascript 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp
Requested by: Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2a15822e997e4b7b172e4b1e4c1366dd01f10ff936a8971ce15510f207b5d25c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
etag: "u+riIbpeWSVolXo4r+dT2g=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Tue, 21 Feb 2023 20:41:26 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 33 KB
10 KB 121ms
27ms Script
application/javascript 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 Feb 2023 18:18:39 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63e538ff-820b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10438
expires: Tue, 14 Feb 2023 20:41:26 GMT

GET
H2 200 ctm.js Show response
www.cisco.com/c/dam/cdc/t/ 133 KB
31 KB 26ms
26ms Script
application/x-javascript 2a02:26f0:3500:893::b33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cisco.com/c/dam/cdc/t/ctm.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:893::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

d0fd8df76a3a6c3e75b447717c0b88fecd4b657507b8f03097f6e6804ed1b3e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .cisco.com .jasper.com .ciscospark.com .ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com .webex.com .cdw.com .cdwg.com .cdw.ca .meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com .itquotes.ie dteonline.com ampito-cisco.com arkphire.com .insight.com .ccsmedia.com .ebuyer.com .lambda-tek.com .storm-technologies.com .vohkus.com .bechtle.com .rainfocus.com .broadbandbuyer.com .hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be;
strict-transport-security: max-age=31536000
x-test-debug: nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1
x-xss-protection: 1; mode=block
content-length: 30803
pragma: no-cache
cdchost: wemxweb-publish-prod1-01
server: Apache
etag: "2136a-5f3cdeff7b773-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Tue, 14 Feb 2023 20:41:26 GMT

GET
H2 200 lp.js Show response
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 6 KB
6 KB 115ms
26ms Script
application/x-javascript 205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js

Requested by

Host: duo.com
URL: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Thu, 22 Sep 2022 17:10:43 GMT
x-amz-request-id: tx000000000000024ca153e-0063e3a978-4a0466ab-sfo2a
etag: "9a8767fa98da937fb02cdbbc52a101bb"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1676407286.dop006.fr8.t,1676407286.cds052.fr8.hn,1676407286.cds270.fr8.c
content-type: application/x-javascript
cache-control: max-age=61954
x-rgw-object-type: Normal
accept-ranges: bytes
content-length: 5776

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 19ms
18ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
last-modified: Fri, 10 Feb 2023 02:55:21 GMT
server: ECS (frb/67D4)
age: 76993
etag: "91acae1dfb3cd91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32316

GET
H2 200 SmartForms.js Show response
sfc.leadspace.com/ 3 KB
4 KB 72ms
22ms Script
application/javascript 35.190.114.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sfc.leadspace.com/SmartForms.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

154.114.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

0645386b306fc6a2e7a59f44e38fb44e53c519a4ba0f0701e0caa07e9ab601d6

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:40:38 GMT
strict-transport-security: max-age=31536000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
age: 48
x-guploader-uploadid: ADPycdt-epv-KWsdbXLgv5ebgqGTatKXs_VE7dkYZ5Ji5thzfP3FpyML216BZRWONbEHVxbGqqlStprc5dxfOweKaboJ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2718
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Sun, 30 Oct 2022 13:46:44 GMT
server: UploadServer
etag: "557a04d61944100c7badd3f08c3e0fd3"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1667137604492492
x-goog-hash: crc32c=6Pcn1A==, md5=VXoE1hlEEAx7rdPwjD4P0w==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
feature-policy: camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com
x-goog-stored-content-length: 2718
x-frame-options: SAMEORIGIN
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 14 Feb 2023 21:40:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
76 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

af15b40e4f839fe7f714fc9a4440ba68e8d2b31ef649f7cc23dd39e4128ce191

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77805
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 14 Feb 2023 20:41:26 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
248 B 78ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-95Z7P6PE75&gtm=45je32d0&_p=876361600&_gaz=1&cid=1453677470.1676407287&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676407286&sct=1&seg=0&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&dt=Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 84ms
29ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-95Z7P6PE75&cid=1453677470.1676407287&gtm=45je32d0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 166ms
76ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-95Z7P6PE75&cid=1453677470.1676407287&gtm=45je32d0&aip=1&z=710158737

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/7540/domain/duo.com/ 37 B
375 B 163ms
85ms XHR
application/json 2600:9000:20eb:e400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/7540/domain/duo.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:e400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: db707c392c1c879d068ad124f8d1232613aa29e630a4fbd5e217f618bdff41fb

Request headers

Accept: *
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:29:59 GMT
content-encoding: gzip
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 687
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: yPIlGUQ9WTeDkUVsmlaLUBi-xgTkl-I1uzMBBFivf7p0Z0vXnMRtfg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%26time%3D1676407286563%26url%3Dhttps%253A%252F%252Fduo.com%252Fdecipher%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&liSync=true&e_ipv6=AQ...

0
265 B

336ms
160ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&liSync=true&e_ipv6=AQJIWFFvrdzwIgAAAYZRqS05_tPcABbskqAJZjZMPfcj87Cl_Waf0bceIa36tc1sFXWvpJrgekDJjequ_f_dZsAQwxethw
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:27 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CFB878A635AF4F3FB01E83EBF87E85A0 Ref B: FRAEDGE1421 Ref C: 2023-02-14T20:41:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0rvzeyLa0plhYpFs+EQ==

Redirect headers

date: Tue, 14 Feb 2023 20:41:26 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 58C2CD5B91C0498B9841264ACC1ECBC8 Ref B: FRAEDGE2007 Ref C: 2023-02-14T20:41:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540&time=1676407286563&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&liSync=true&e_ipv6=AQJIWFFvrdzwIgAAAYZRqS05_tPcABbskqAJZjZMPfcj87Cl_Waf0bceIa36tc1sFXWvpJrgekDJjequ_f_dZsAQwxethw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0rvzYk6Y2diXbQqaCHA==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/7540/domain/duo.com/ 37 B
374 B 161ms
85ms XHR
application/json 2600:9000:20eb:e400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/7540/domain/duo.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:e400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: db707c392c1c879d068ad124f8d1232613aa29e630a4fbd5e217f618bdff41fb

Request headers

Accept: *
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:29:59 GMT
content-encoding: gzip
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 687
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: THgdupE_uVZi2afnV0Gnw7soc9waP8GP2qGjWY1xS1-yiNtvkjuZEQ==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/7540/domain/duo.com/ 37 B
376 B 152ms
77ms XHR
application/json 2600:9000:20eb:e400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/7540/domain/duo.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:e400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: db707c392c1c879d068ad124f8d1232613aa29e630a4fbd5e217f618bdff41fb

Request headers

Accept: *
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:29:59 GMT
content-encoding: gzip
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 687
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: TM6oYR0kVXjpkdOzt0rtkl_LnIASsTImVKC0z8Z6HYl4oNOigvu1UA==

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
304 B 19ms
19ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=21101670e37c42678002398d924b6012&_biz_s=3240c5&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&_biz_t=1676407286573&_biz_i=Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher&_biz_n=0&a=duo.com&rnd=277867&cdn_o=a&_biz_z=1676407286575
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
last-modified: Wed, 08 Feb 2023 14:12:16 GMT
server: ECS (frb/6760)
age: 541750
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
203 B 19ms
18ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=21101670e37c42678002398d924b6012&_biz_s=3240c5&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&_biz_t=1676407286578&_biz_i=Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher&a=duo.com&rnd=670681&cdn_o=a&_biz_z=1676407286578
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
last-modified: Thu, 09 Feb 2023 23:58:42 GMT
server: ECS (frb/67C2)
age: 420165
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 216127175396154 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 71ms
70ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/216127175396154?v=2.9.95&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b2e3ab9534b251c07239751c86eb902321748418201488f575f9b6d701961ff9

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 14 Feb 2023 20:41:26 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: HfwvsQJrTnqII3Y14UGQ5TFWTTGllTdrzvF02Qr3HXb0OCoQGGN/gpcq/H/jEQf1AxrVk3wWEQXUDZe8DzHR9g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 rules-p-4CduNLZtPCAtp.js Show response
rules.quantcount.com/ 2 KB
1 KB 136ms
49ms Script
application/javascript 2600:9000:20eb:ee00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-4CduNLZtPCAtp.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/aquant.js?a=p-4CduNLZtPCAtp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:ee00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f69a82e80bb0f4bf2b963cc41704257bb7c27a2830eac8c549898e333a77a68f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:31:58 GMT
content-encoding: gzip
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 569
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 14 Oct 2022 06:32:47 GMT
server: AmazonS3
etag: W/"34d1f7453407b67de9c442d34b1233a9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: s5w26uWdgbBQynIYi7NhKJhCi7lEA80VQvip945hKdfsMVs5evq4ag==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
114 B 30ms
29ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=876361600&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&ul=en-us&de=UTF-8&dt=Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAAABQAAAAC~&jid=1469643344&gjid=1670964687&cid=1453677470.1676407287&tid=UA-20141016-1&_gid=1602242549.1676407287&_r=1&_slc=1&gtm=45He32d0n71MFPB9D&z=2015806824

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
343 B 75ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-20141016-1&cid=1453677470.1676407287&jid=1037162271&gjid=2100936570&_gid=1602242549.1676407287&_u=aCDAgAABQAAAAG~&z=704391890

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
192 B 24ms
24ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=876361600&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&ul=en-us&de=UTF-8&dt=Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAgAABQAAAAC~&jid=1037162271&gjid=2100936570&cid=1453677470.1676407287&tid=UA-20141016-1&_gid=1602242549.1676407287&gtm=45He32d0n71MFPB9D&cg3=Decipher%20Traffic%20Only&z=2108180334

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Feb 2023 22:06:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 81310
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 4006052.js Show response
bat.bing.com/p/action/ 0
117 B 121ms
120ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/4006052.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 14 Feb 2023 20:41:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 24CBF9907E3946919829C5320BDD0EEB Ref B: FRA31EDGE0814 Ref C: 2023-02-14T20:41:26Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
288 B 240ms
239ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=4006052&Ver=2&mid=927eb379-cc5d-4bc2-845f-d88586dcc6e9&sid=f3b1a610aca711ed8185d59e06dc0f76&vid=f3b1d830aca711ed96ff19a6dff183e8&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher&p=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&r=&lt=1854&evt=pageLoad&sv=1&rn=927640

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 14 Feb 2023 20:41:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E904C381954A4ABFAF09DE371C538EF9 Ref B: FRA31EDGE0814 Ref C: 2023-02-14T20:41:26Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
525 B 130ms
127ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=21101670e37c42678002398d924b6012&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.11.28&a=duo.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: e0cf14bd9b2d68af9bc4a25aced4faca68bd477aceec6cbd1d11969015d6391d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
content-encoding: gzip
server: ECS (frb/6711)
etag: 44F6CED6
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 219

GET
H2 200 xdframe-single-domain-1.1.1.html Show response
csxd.contentsquare.net/uxa/ Frame E89E 2 KB
1 KB 131ms
21ms Document
text/html 2600:9000:2057:ce00:1b:ed91:4680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csxd.contentsquare.net/uxa/xdframe-single-domain-1.1.1.html?pid=5637
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:ce00:1b:ed91:4680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1a9abb0dc96d5a0fcc121a6de3a2c29c193a91d2f68939080e111b54d01d9e8

Request headers

Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3180734
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Mon, 09 Jan 2023 01:09:13 GMT
etag: W/"fbd0a9f9a63a143cf028aca21682b386"
last-modified: Mon, 07 Mar 2022 15:32:43 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
x-amz-cf-id: c8ccA1s0ZDsEDgCrncFJvVg98qB-cBhParxSMZsK0y7wNgE2C6iLog==
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: Hit from cloudfront

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 27ms
27ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-20141016-1&cid=1453677470.1676407287&jid=1469643344&gjid=1670964687&_gid=1602242549.1676407287&_u=aADAAAAAQAAAAC~&z=1341829367

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://duo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 02b1ef27-3673-48d0-8244-a5731f52c6fe
https://duo.com/ 698 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://duo.com/02b1ef27-3673-48d0-8244-a5731f52c6fe
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e5c15de058a21dcd2de9176187f534a06c5f430b40a99ceb36a8dc983c6dc370

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Length: 698
Content-Type: application/javascript

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 164ms
73ms Image
image/gif 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-20141016-1&cid=1453677470.1676407287&jid=1037162271&_u=aCDAgAABQAAAAG~&z=677820099

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 74ms
72ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-20141016-1&cid=1453677470.1676407287&jid=1037162271&_u=aCDAgAABQAAAAG~&z=677820099

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 53ms
53ms Script
application/x-javascript 104.87.143.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin-beta.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.87.143.22 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-87-143-22.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 20:41:26 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Thu, 25 May 2023 20:41:26 GMT

GET
H2 200 oribili.js Show response
cdn.linkedin.oribi.io/7540/ 72 KB
24 KB 78ms
31ms Script
application/javascript 2600:9000:20eb:e400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/7540/oribili.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:e400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 9425e201802508d3508b64c3a5d9e7443d268271ed9536a5fadc2961ec633afa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:37:08 GMT
content-encoding: gzip
via: 1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 258
vary: accept-encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript;charset=UTF-8
cache-control: public, max-age=300
x-amz-cf-id: 6YFthKNuIxjQO4E_YypwHK1oEMd7XYCEzUnyuDJh52-O_IT2IYkR0A==

GET
H2 200 74041.js Show response
sfc.leadspace.com/ 51 KB
52 KB 158ms
157ms Script
text/javascript 35.190.114.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sfc.leadspace.com/74041.js

Requested by

Host: sfc.leadspace.com
URL: https://sfc.leadspace.com/SmartForms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

154.114.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

84bcda975287ae82a621b995a7fa115a14e23819f512f6c901b8f30e344669b8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
strict-transport-security: max-age=31536000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
age: 0
x-guploader-uploadid: ADPycdtQdN06wiw3iqm2gs2nHES8KGWz9YWIPYB9t4dIFv0gNb4i2KCZcM4V6kzFXxv1Ky-Ov1bEuw40r0aZbMU7Tq9fxbaxwgvy
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52668
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Sun, 18 Dec 2022 08:20:45 GMT
server: UploadServer
etag: "9262edb1908b557213735553b633518b"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1671351645312076
x-goog-hash: crc32c=lCPU+A==, md5=kmLtsZCLVXITc1VTtjNRiw==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
feature-policy: camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com
x-goog-stored-content-length: 52668
x-frame-options: SAMEORIGIN
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 14 Feb 2023 21:41:26 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
810 B 90ms
32ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 20:41:26 GMT
AN-X-Request-Uuid: 3cf18bcb-d1ce-443f-b55f-2f04639cfd22
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://duo.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 84.19.175.165; 84.19.175.165; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
196 B 39ms
25ms XHR
text/html 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-80-240-231.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://duo.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
332 B 130ms
33ms XHR
text/html 2a02:26f0:11a:3a2::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:3a2::1c91 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: cd1130fc313fd94cd23665e7ef0806259ea34bb373fe18b6b7c64ae76d2545f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://duo.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:1010:2:1012:3080:1090:8dfe
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465668_1600460636_53976907_23_892_28_0";dur=1
content-length: 36
expires: Tue, 14 Feb 2023 20:41:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 76ms
21ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=216127175396154&ev=PageView&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&rl=&if=false&ts=1676407286756&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676407286755.280413538&it=1676407286586&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 14 Feb 2023 20:41:26 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 127ms
71ms Image
image/gif 2a00:1450:400d:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-20141016-1&cid=1453677470.1676407287&jid=1469643344&_u=aADAAAAAQAAAAC~&z=2105584035

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 72ms
71ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-20141016-1&cid=1453677470.1676407287&jid=1469643344&_u=aADAAAAAQAAAAC~&z=2105584035

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=198903100;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft;uht=2;fpan=1;fpa=P0-409067574-1...
pixel.quantserve.com/ 35 B
371 B 32ms
21ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=198903100;labels=_fp.event.Default;rf=0;a=p-4CduNLZtPCAtp;url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft;uht=2;fpan=1;fpa=P0-409067574-1676407286593;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=duo.com;dst=0;et=1676407286763;tzo=0;ogl=site_name.Decipher%2Ctype.website%2Curl.https%3A%2F%2Fduo%252Ecom%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywher%2Ctitle.Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%2Cdescription.Fortra%20has%20released%20version%207%252E12%20of%20its%20GoAnywhere%20mFT%20file%20transfer%20tool%20to%20fix%2Cimage.https%3A%2F%2Fduo%252Ecom%2Fassets%2Fimg%2Fseo-images%2Fdima-pechurin-1443150-door%252Ejpg%2Cimage%3Awidth.1200%2Cimage%3Aheight.630;ses=adb8072f-03bd-4b80-98e3-fb9df42d5d66

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:26 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H/1.0 200
OK visitWebPage
074-uqx-410.mktoresp.com/webevents/ 43 B
121 B 983ms
169ms Ping
image/gif 199.15.214.243
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://074-uqx-410.mktoresp.com/webevents/visitWebPage?_mchNc=1676407286789&_mchCn=&_mchId=074-UQX-410&_mchTk=_mch-duo.com-1676407286788-66004&_mchHo=duo.com&_mchPo=&_mchRu=%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.15.214.243 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: BigIP /
Resource Hash: cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Connection: Keep-Alive
Content-Length: 43
Server: BigIP

POST
H2 202 event Show response
gw.linkedin.oribi.io/ 0
180 B 592ms
191ms XHR
text/plain 35.165.34.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gw.linkedin.oribi.io/event
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.165.34.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-165-34-47.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://duo.com
date: Tue, 14 Feb 2023 20:41:27 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain

GET
H2 200 /
px.ads.linkedin.com/ws_collect/ 0
143 B 406ms
404ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/ws_collect/?pid=7540&timestamp=1676407286827&raw_event_id=7540-11f8da36-1bed-bb06-8d1d-a27037133e01-1676407286824
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:26 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 144AC652EE67491B9384CB1B60EC2566 Ref B: FRAEDGE2007 Ref C: 2023-02-14T20:41:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0rvzV0+bRbTlgrCJUmw==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 262ms
225ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=null&visitor=f8c7a07d-2b94-46e2-8303-bd64fdf33bb5&session=8809562c-f28d-4180-86f4-7799fa2ba575&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2014%20Feb%202023%2020%3A41%3A26%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2014%20Feb%202023%2020%3A41%3A26%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22361da14e9cc9e3c3150a35780c1bec6b%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2014%20Feb%202023%2020%3A41%3A26%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2014%20Feb%202023%2020%3A41%3A26%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Fortra%20has%20released%20version%207.12%20of%20its%20GoAnywhere%20mFT%20file%20transfer%20tool%20to%20fix%20a%20zero%20day%20that%20has%20been%20under%20active%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&pageViewId=40a1d32f-8b7a-4743-850e-9f2602a69ec4&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:27 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 quota
q-aus1.contentsquare.net/ Frame 0
0 367ms
113ms Preflight 44.205.143.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://q-aus1.contentsquare.net/quota?ct=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.205.143.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-205-143-132.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://duo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
date: Tue, 14 Feb 2023 20:41:27 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
timing-allow-origin: *

POST
H2 200 quota Show response
q-aus1.contentsquare.net/ Frame 9CC5 29 B
243 B 114ms
113ms Fetch
application/json 44.205.143.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://q-aus1.contentsquare.net/quota?ct=0
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.205.143.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-205-143-132.compute-1.amazonaws.com
Software: /
Resource Hash: 70c705d49e04d07b8353972235ca2f2f7f48c1ddbb671829a282558b991a8fa1

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 14 Feb 2023 20:41:27 GMT
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression
content-length: 29
access-control-allow-methods: POST, OPTIONS
content-type: application/json

GET
H2 204 pageview
c.contentsquare.net/ 0
320 B 188ms
44ms Image
text/plain 52.209.87.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/pageview?pid=5637&uu=c302e885-d23f-aba1-ad28-905a068e7379&sn=1&hd=1676407286&pn=1&dw=1600&dh=2904&ww=1600&wh=1200&sw=1600&sh=1200&dr=&url=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&uc=0&la=en-US&v=12.3.0&pvt=n&ex=&r=992097
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.87.5 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-87-5.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:27 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 219ms
216ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=null&visitor=f8c7a07d-2b94-46e2-8303-bd64fdf33bb5&session=8809562c-f28d-4180-86f4-7799fa2ba575&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A2%3A1012%3A3080%3A1090%3A8dfe%22%7D&isIframe=false&m=%7B%22description%22%3A%22Fortra%20has%20released%20version%207.12%20of%20its%20GoAnywhere%20mFT%20file%20transfer%20tool%20to%20fix%20a%20zero%20day%20that%20has%20been%20under%20active%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&pageViewId=40a1d32f-8b7a-4743-850e-9f2602a69ec4&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:27 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK dest5.html Show response
cisco.demdex.net/ Frame 58CC 7 KB
3 KB 739ms
140ms Document
text/html 34.240.171.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cisco.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.171.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-171-169.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v046-0ca0386dc.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 18tv6IBuRx8=
content-encoding: gzip
date: Tue, 14 Feb 2023 20:41:27 GMT
last-modified: Wed, 8 Feb 2023 11:53:45 GMT
vary: accept-encoding

GET
H2 200 id Show response
smetrics.cisco.com/ 48 B
450 B 743ms
156ms XHR
application/x-javascript 15.236.117.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.cisco.com/id?d_visid_ver=4.1.0&d_fieldgroup=A&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&mid=11428289193685373811884280204130662094&ts=1676407286990

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.117.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

c9e86cacbc54e2b07428c2e94ccdc8f3ec12616a23b79420062b93d23813bdd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 14 Feb 2023 20:41:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://duo.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H2 204 dvar
c.contentsquare.net/ 0
319 B 103ms
45ms Image
text/plain 52.209.87.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.contentsquare.net/dvar?v=12.3.0&pid=5637&uu=c302e885-d23f-aba1-ad28-905a068e7379&sn=1&pn=1&dv=H4sIAAAAAAAAA6tWSi72TSxJzsjMS%2FdOrVSyUjLQMzQ1MjU0MLU0MTcwsjAzt7SMNzQzNzMxMDeyMDcwNFSqBQBWS50YNQAAAA%3D%3D&ct=2&r=968622
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.87.5 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-87-5.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:27 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: inline
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With
expires: Sun, 24 Oct 1982 23:00:00 GMT

GET
H3 200 sf5.js Show response
sfc.leadspace.com/ 194 KB
194 KB 25ms
25ms Script
application/javascript 35.190.114.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sfc.leadspace.com/sf5.js

Requested by

Host: sfc.leadspace.com
URL: https://sfc.leadspace.com/SmartForms.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

154.114.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

d914684a085399f9b850a1e962e66965528830404f7d0764155048d743946580

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:12:53 GMT
strict-transport-security: max-age=31536000
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
age: 1714
x-guploader-uploadid: ADPycdvmm7ZGFT08g-kfjIC78SAiwOZ0VMuSLIF7AU1nKgVmEfyDxn8-mqPkHfW-tOLy3h09gijdm-xNep4_2tZ3EABaFA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198228
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Sun, 30 Oct 2022 13:46:45 GMT
server: UploadServer
etag: "529f581ba08bcbe4268b655da36b2dfc"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1667137605881823
x-goog-hash: crc32c=QYwRww==, md5=Up9YG6CLy+Qmi2Vdo2st/A==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
feature-policy: camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com
x-goog-stored-content-length: 198228
x-frame-options: SAMEORIGIN
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 14 Feb 2023 21:12:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
932 B 84ms
29ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Feb 2023 20:41:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 20:35:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Feb 2023 20:41:27 GMT

POST
H/1.1 200
OK match Show response
sfgw.leadspace.com/ip/ 121 B
1 KB 182ms
182ms XHR
application/json 34.75.172.129
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sfgw.leadspace.com/ip/match

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

34.75.172.129 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

129.172.75.34.bc.googleusercontent.com

Software

Prod /

Resource Hash

04c1995fd19f799561f8051800f589c8179f8e0b4901418e7275e8e2dae24461

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' https://.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://.aptrinsic.com; img-src www.google-analytics.com https://.leadspace.com https://.aptrinsic.com https://storage.googleapis.com; connect-src https://.leadspace.com wss://.leadspace.com https://.aptrinsic.com https://.google-analytics.com; frame-src https://.leadspace.com; style-src 'unsafe-inline' https://.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://.leadspace.com https://.aptrinsic.com; frame-ancestors https://.leadspace.com; media-src https://.leadspace.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
accept-language: de-DE,de;q=0.9
Authorization: 74041
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Feb 2023 20:41:27 GMT
content-security-policy: default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Prod
strict-transport-security: max-age=31536000; includeSubdomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Origin
content-type: application/json
access-control-allow-origin: https://duo.com
access-control-allow-credentials: true
content-length: 121
x-xss-protection: 1; mode=block

OPTIONS
H/1.1 200
OK match
sfgw.leadspace.com/ip/ Frame 0
0 663ms
221ms Preflight 34.75.172.129
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sfgw.leadspace.com/ip/match

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

34.75.172.129 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

129.172.75.34.bc.googleusercontent.com

Software

Prod /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'unsafe-inline' https://.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://.aptrinsic.com; img-src www.google-analytics.com https://.leadspace.com https://.aptrinsic.com https://storage.googleapis.com; connect-src https://.leadspace.com wss://.leadspace.com https://.aptrinsic.com https://.google-analytics.com; frame-src https://.leadspace.com; style-src 'unsafe-inline' https://.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://.leadspace.com https://.aptrinsic.com; frame-ancestors https://.leadspace.com; media-src https://.leadspace.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://duo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization, content-type
access-control-allow-methods: POST
access-control-allow-origin: https://duo.com
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
content-security-policy: default-src 'self'; script-src 'unsafe-inline' https://*.leadspace.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.aptrinsic.com; img-src www.google-analytics.com https://*.leadspace.com https://*.aptrinsic.com https://storage.googleapis.com; connect-src https://*.leadspace.com wss://*.leadspace.com https://*.aptrinsic.com https://*.google-analytics.com; frame-src https://*.leadspace.com; style-src 'unsafe-inline' https://*.leadspace.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com; style-src-elem 'unsafe-inline' https://*.leadspace.com https://*.aptrinsic.com; frame-ancestors https://*.leadspace.com; media-src https://*.leadspace.com
date: Tue, 14 Feb 2023 20:41:26 GMT
referrer-policy: no-referrer
server: Prod
strict-transport-security: max-age=31536000; includeSubdomains
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 3F18 0
66 B 19ms
19ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://duo.com
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://duo.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 14 Feb 2023 20:41:27 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 recording Show response
k-aus1.contentsquare.net/v2/ Frame 9CC5 0
187 B 502ms
221ms Fetch 3.233.52.229
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://k-aus1.contentsquare.net/v2/recording?rt=5&v=12.3.0&pid=5637&uu=c302e885-d23f-aba1-ad28-905a068e7379&sn=1&pn=1&ri=1&rst=1676407287003&let=1676407287425&ct=2
Requested by: Host: t.contentsquare.net
URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.233.52.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-233-52-229.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 14 Feb 2023 20:41:27 GMT
timing-allow-origin: *
access-control-allow-headers: Access-Control-Expose-Headers, Content-Type, Content-Compression
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS

GET
H2 200 s2416066457754 Show response
smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/ 927 B
1 KB 176ms
175ms Script
application/x-javascript 15.236.117.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/s2416066457754?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=14%2F1%2F2023%2020%3A41%3A27%202%200&d.&nsid=0&jsonv=1&.d&sdid=2D2656D4486535C9-7194D98340A9E9FD&mid=11428289193685373811884280204130662094&aamlh=6&ce=UTF-8&ns=cisco&pageName=duo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&g=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&cc=USD&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=fortra%20patches%20actively%20exploited%20zero%20day%20in%20goanywhere%20mft%20%7C%20decipher&h1=duo.com%3Adecipher%3Afortra-patches-actively-exploited-zero-day-in-goanywhere-mft&c2=undefined%3Ano%20iapath%3Afortra-patches-actively-exploited-zero-day-in-goanywhere-mft&c3=duo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&h3=no%20iapath&c10=12%3A41%20PM%7CTuesday&v10=12%3A41%20PM%7CTuesday&v25=duo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&v26=no%20contenttype&c28=no%20iapath&v28=no%20iapath&c33=en-us&v33=en-us&c41=duo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&c46=ut4.46.202302021718&v48=undefined&c50=cisco-complete&c51=unavailable&c53=no%20contenttype&c59=018651a929ce001898f7acebcf2b03073005506b00b08&v63=unavailable&v77=AppMeasurement%3D2.12.0%2CVisitorJS%3D4.1.0%2CMbox%3Dna&v78=dnt%3Dfalse%2Ccookies%3Dtrue%2Clocalstorage%3Dtrue&v92=0.15251059470286799_1676407287011&v98=cisco.duo&v106=11428289193685373811884280204130662094&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&AQE=1

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.46.202302021717

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.117.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

068aae367ac8603776acae4a1eafb654b629c0040e8dc2ec6963f68f09b9d7d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-aam-tid: JnFDOXTKSH0=
date: Tue, 14 Feb 2023 20:41:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 927
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v046-08630f9eb.edge-irl1.demdex.com 3 ms
pragma: no-cache
last-modified: Wed, 15 Feb 2023 20:41:27 GMT
server: jag
etag: 3600057237110751232-4619809351773881036
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 13 Feb 2023 20:41:27 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 222ms
222ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:27 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEC1h1hNX-RgreO9oxtm3JI0&google_cver=1
dpm.demdex.net/ Frame 58CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDQ1ODczMDI3NTg0NzM1OTY1MjE0MTYzMzY3NTA1MjA0NDY3OTk=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDQ1ODczMDI3NTg0NzM1OTY1MjE0MTYzMzY3NTA1MjA0NDY3OTk=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEC1h1hNX-RgreO9oxtm3JI0&google_cver=1?gdpr=0&gdpr_consent=

42 B
942 B

116ms
115ms

Image
image/gif

3.248.138.237
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEC1h1hNX-RgreO9oxtm3JI0&google_cver=1?gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Server

3.248.138.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-138-237.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v046-095b292e2.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: f4twF9kyT7c=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 20:41:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEC1h1hNX-RgreO9oxtm3JI0&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 58CC 43 B
395 B 318ms
128ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_user_id=04587302758473596521416336750520446799&p_id=38594

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-response-time: 109
date: Tue, 14 Feb 2023 20:41:27 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: d8792cf3b03cd436
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 394797174de3e41174c6cab7205fd996311ad665eb1680f2b7263e58897615d7
content-length: 43

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame 58CC
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=04587302758473596521416336750520446799&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-sAoy8dlE2pFaChSSwmETtLRECR2GzNI9guc-~A

42 B
942 B

115ms
114ms

Image
image/gif

3.248.138.237
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-sAoy8dlE2pFaChSSwmETtLRECR2GzNI9guc-~A

Protocol

HTTP/1.1

Server

3.248.138.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-138-237.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v046-0138048db.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: JsYdvkY+SbQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Tue, 14 Feb 2023 20:41:28 GMT
strict-transport-security: max-age=31536000
via: http/1.1 spdc0108.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-sAoy8dlE2pFaChSSwmETtLRECR2GzNI9guc-~A
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 58CC
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=adobe&id=04587302758473596521416336750520446799
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04587302758473596521416336750520446799

0
338 B

182ms
43ms

Image
text/plain

34.255.170.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04587302758473596521416336750520446799
Protocol: H2
Server: 34.255.170.214 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-170-214.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cisco.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-served-by: beacon-n016-dub-prod.krxd.net
date: Tue, 14 Feb 2023 20:41:28 GMT
cache-control: private, no-cache, no-store
x-request-time: D=36 t=1676407288
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=04587302758473596521416336750520446799
date: Tue, 14 Feb 2023 20:41:28 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a008-ash-prod.krxd.net

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 458ms
458ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 220ms
220ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 224ms
223ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 227ms
227ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:31 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 227ms
226ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 222ms
222ms Image
image/gif 104.80.240.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.80.240.231 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-240-231.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:41:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=361da14e9cc9e3c3150a35780c1bec6b&svisitor=null&visitor=f8c7a07d-2b94-46e2-8303-bd64fdf33bb5&session=8809562c-f28d-4180-86f4-7799fa2ba575&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2014%20Feb%202023%2020%3A41%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2014%20Feb%202023%2020%3A41%3A33%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%228017%22%7D&isIframe=false&m=%7B%22description%22%3A%22Fortra%20has%20released%20version%207.12%20of%20its%20GoAnywhere%20mFT%20file%20transfer%20tool%20to%20fix%20a%20zero%20day%20that%20has%20been%20under%20active%20attack.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Fortra%20Patches%20Actively%20Exploited%20Zero%20Day%20in%20GoAnywhere%20MFT%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft&pageViewId=40a1d32f-8b7a-4743-850e-9f2602a69ec4&an_uid=0

Verdicts & Comments Add Verdict or Comment

321 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.duo.com/	1970-01-20 18:25:43	Name: UnicaNIODID Value: undefined
.duo.com/	1970-01-20 18:25:43	Name: utag_main Value: v_id:018651a929ce001898f7acebcf2b03073005506b00b08$_sn:1$_se:1$_ss:1$_st:1676409086223$ses_id:1676407286223%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:duo.com$ctm_ss:true%3Bexp-session
.duo.com/	1970-01-20 11:49:43	Name: _gcl_au Value: 1.1.1211345788.1676407286
.duo.com/	1970-01-20 19:16:07	Name: _ga_95Z7P6PE75 Value: GS1.1.1676407286.1.0.1676407286.60.0.0
.duo.com/	1970-01-20 18:25:43	Name: _biz_uid Value: 21101670e37c42678002398d924b6012
.duo.com/	1970-01-20 09:40:09	Name: _biz_sid Value: 3240c5
.duo.com/	1970-01-20 18:25:43	Name: _biz_nA Value: 1
.bizible.com/	1970-01-20 18:25:43	Name: _BUID Value: 21101670e37c42678002398d924b6012
.duo.com/	1970-01-20 19:16:07	Name: _ga Value: GA1.2.1453677470.1676407287
.duo.com/	1970-01-20 09:41:33	Name: _gid Value: GA1.2.1602242549.1676407287
.duo.com/	1970-01-20 09:40:07	Name: _gat_UA-20141016-1 Value: 1
.bizibly.com/	1970-01-20 18:25:43	Name: _BUID Value: 0cda3aa7cf1f100938a53ba1862e5fc8
.duo.com/	1970-01-20 09:40:07	Name: _dc_gtm_UA-20141016-1 Value: 1
.duo.com/	1970-01-20 09:41:33	Name: _uetsid Value: f3b1a610aca711ed8185d59e06dc0f76
.duo.com/	1970-01-20 19:01:43	Name: _uetvid Value: f3b1d830aca711ed96ff19a6dff183e8
.duo.com/	1970-01-20 18:25:43	Name: _biz_pendingA Value: %5B%5D
duo.com/	1970-01-20 09:41:33	Name: ln_or Value: eyI3NTQwIjoiNzU0MCJ9
.duo.com/	1970-01-20 11:49:43	Name: _fbp Value: fb.1.1676407286755.280413538
.duo.com/	1970-01-20 18:25:43	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.demdex.net/	1970-01-20 13:59:19	Name: demdex Value: 04587302758473596521416336750520446799
.duo.com/	1970-01-20 19:16:07	Name: _mkto_trk Value: id:074-UQX-410&token:_mch-duo.com-1676407286788-66004
.quantserve.com/	1970-01-20 19:10:21	Name: mc Value: 63ebf1f6-bf81f-92b0e-df093
.duo.com/	1970-01-20 19:04:36	Name: __qca Value: P0-409067574-1676407286593
.linkedin.com/	1970-01-20 10:23:19	Name: UserMatchHistory Value: AQLxK1k_ybYWRgAAAYZRqSvGZNPE7WmAaHxot_iW-v0N7eKS_lfsdse-PawRBrA68CBwxmXN5DX3Pg
.linkedin.com/	1970-01-20 10:23:19	Name: AnalyticsSyncHistory Value: AQJ4wwwmZpvAaQAAAYZRqSvG2CoAg8FVgDioBLxNWlAhPAHG4BS8xL09DUExcOhKesH-mAV2NAdMon1R2Pm9NQ
.linkedin.com/	1970-01-20 18:25:43	Name: bcookie Value: "v=2&8f8e6708-0fe3-4651-863d-7e9a5192664f"
.linkedin.com/	1970-01-20 09:41:33	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2707:u=1:x=1:i=1676407286:t=1676493686:v=2:sig=AQEgj0IChU3-7GkE464qC9XmAk9yoToS"
.duo.com/	1970-01-20 18:25:43	Name: oribili_user_guid Value: 2dc94041-f7ed-ba3f-2b47-1decd4d71edb
duo.com/	1970-01-20 09:50:12	Name: _an_uid Value: 0
duo.com/	1970-01-20 19:16:07	Name: _gd_visitor Value: f8c7a07d-2b94-46e2-8303-bd64fdf33bb5
duo.com/	1970-01-20 09:40:21	Name: _gd_session Value: 8809562c-f28d-4180-86f4-7799fa2ba575
.bing.com/	1970-01-20 19:01:43	Name: MUID Value: 32FC996D35426C84148D8BD534EE6D2E
.duo.com/	1970-01-20 19:09:31	Name: _cs_c Value: 0
.duo.com/	1970-01-20 19:09:31	Name: _cs_id Value: c302e885-d23f-aba1-ad28-905a068e7379.1676407286.1.1676407286.1676407286.1627413105.1710571286938
.www.linkedin.com/	1970-01-20 18:25:43	Name: bscookie Value: "v=1&2023021420412640d9ea95-2fdd-4484-845d-58c8f630685fAQFbLKP7FUImvAcUlbO7OZZ2WzJQLkCz"
.linkedin.com/	1970-01-20 13:59:19	Name: li_gc Value: MTswOzE2NzY0MDcyODY7MjswMjH9oLj8WIwqwxrHL7XNWTfij/Q01Br4bkrJZ6WgKoHbuQ==
.duo.com/	1969-12-31 23:59:59	Name: AMCVS_B8D07FF4520E94C10A490D4C%40AdobeOrg Value: 1
.duo.com/	1970-01-20 09:40:09	Name: _cs_mk Value: 0.15251059470286799_1676407287011
.csxd.contentsquare.net/	1970-01-20 19:09:31	Name: _cs_id___5637 Value: c302e885-d23f-aba1-ad28-905a068e7379.1676407286.1.1676407286.1676407286.1627413105.1710571286938
.6sc.co/	1970-01-20 19:16:07	Name: 6suuid Value: 6fd6dd58b11e0000f7f1eb63ae00000081775c00
.duo.com/	1970-01-20 09:40:09	Name: _cs_s Value: 1.5.0.1676409087436
.csxd.contentsquare.net/	1970-01-20 09:40:09	Name: _cs_s___5637 Value: 1.5.0.1676409087436
.duo.com/	1970-01-20 09:40:09	Name: gpv_v9 Value: duo.com%2Fdecipher%2Ffortra-patches-actively-exploited-zero-day-in-goanywhere-mft
.duo.com/	1969-12-31 23:59:59	Name: s_ptc Value: %5B%5BB%5D%5D
.duo.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.duo.com/	1970-01-20 19:16:07	Name: AMCV_B8D07FF4520E94C10A490D4C%40AdobeOrg Value: 281789898%7CMCIDTS%7C19403%7CMCMID%7C11428289193685373811884280204130662094%7CMCAAMLH-1677012086%7C6%7CMCAAMB-1677012086%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1676414487s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.1.0
.duo.com/	1970-01-20 10:23:19	Name: aam_uuid Value: 04587302758473596521416336750520446799
.doubleclick.net/	1970-01-20 19:01:43	Name: IDE Value: AHWqTUlbECBjifbYDrhSI3crYXXTIBysjh7ehcca456YrpG_kNKARJNfIR7nOubcayg
.demdex.net/	1970-01-20 13:59:19	Name: dextp Value: 771-1-1676407287753\|1123-1-1676407287854\|30646-1-1676407287954\|66757-1-1676407288055
.dpm.demdex.net/	1970-01-20 13:59:19	Name: dpm Value: 04587302758473596521416336750520446799
.yahoo.com/	1970-01-20 18:26:04	Name: A3 Value: d=AQABBPjx62MCEJSdFoq7jQmMLh_J20R4J1U&S=AQAAApAOg0noZeiIkOyB8DJj13o
.twitter.com/	1970-01-20 19:16:07	Name: personalization_id Value: "v1_G15WOW1QlqAHbldIi8oDqg=="
.krxd.net/	1970-01-20 13:59:19	Name: _kuid_ Value: PYTVnbIk

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://duo.com/public/json-bodymovin/d-logo-dark/data.json Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://learn-cloudsecurity.cisco.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

074-uqx-410.mktoresp.com
ajax.googleapis.com
analytics.twitter.com
b.6sc.co
bat.bing.com
beacon.krxd.net
c.6sc.co
c.contentsquare.net
cdn.bizible.com
cdn.bizibly.com
cdn.linkedin.oribi.io
cisco-tags.cisco.com
cisco.demdex.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
code.jquery.com
connect.facebook.net
csxd.contentsquare.net
dpm.demdex.net
duo.com
fonts.googleapis.com
gw.linkedin.oribi.io
ipv6.6sc.co
j.6sc.co
k-aus1.contentsquare.net
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
munchkin.marketo.net
pixel.quantserve.com
px.ads.linkedin.com
px4.ads.linkedin.com
q-aus1.contentsquare.net
region1.analytics.google.com
rules.quantcount.com
secure.adnxs.com
secure.quantserve.com
sfc.leadspace.com
sfgw.leadspace.com
smetrics.cisco.com
snap.licdn.com
stats.g.doubleclick.net
t.contentsquare.net
tags.tiqcdn.com
usermatch.krxd.net
www.cisco.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
b.6sc.co
104.244.42.67
104.80.240.231
104.87.143.22
13.107.42.14
13.224.189.20
13.32.27.69
142.251.39.34
15.236.117.205
152.195.15.58
199.15.214.243
2001:4860:4802:34::36
2001:4de0:ac18::1:a:2a
205.185.216.10
212.82.100.182
23.62.220.254
2600:9000:2057:ce00:1b:ed91:4680:93a1
2600:9000:20eb:e400:2:53b2:240:93a1
2600:9000:20eb:ee00:6:44e3:f8c0:93a1
2620:116:800d:21:ef75:8280:f209:5ba1
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:810::2008
2a00:1450:4001:827::200e
2a00:1450:4001:828::200a
2a00:1450:4001:831::200a
2a00:1450:400c:c0c::9d
2a00:1450:400d:806::2003
2a00:1450:400d:807::2004
2a02:26f0:11a:3a2::1c91
2a02:26f0:3500:16::215:14a0
2a02:26f0:3500:893::b33
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.233.52.229
3.248.138.237
34.232.106.26
34.240.171.169
34.255.170.214
34.75.172.129
35.165.34.47
35.190.114.154
37.252.171.52
44.205.143.132
52.209.87.5
72.163.10.10
04c1995fd19f799561f8051800f589c8179f8e0b4901418e7275e8e2dae24461
0645386b306fc6a2e7a59f44e38fb44e53c519a4ba0f0701e0caa07e9ab601d6
068aae367ac8603776acae4a1eafb654b629c0040e8dc2ec6963f68f09b9d7d7
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
175a5685a8182716c7cc7c64e0da38f050b08d3fa7ddfa87056731adcbac733f
1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992
1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f
2a15822e997e4b7b172e4b1e4c1366dd01f10ff936a8971ce15510f207b5d25c
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3c7c9bf0f8b5507cc709136d8fdc87ecb7b95645eeee7722d48596e7a6017b2a
431a961732e7d25ade3585946346fb7851946a1d8f4f4270b0b988914ba01520
45f9c9efb71fae4c333607520017c544fb9dc13100dd260f6148eb179b919d68
4f324b4d5038babc476c7adafacd7fa44544b3679cdef4ae5e448535b446f048
51a86ab2dbf5812030373f1cd8f877d684cc7a1344219114d31407a68c9d63eb
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
70c705d49e04d07b8353972235ca2f2f7f48c1ddbb671829a282558b991a8fa1
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5
7f497734a8fdb8dcde8393ff758ff7d2a7d2cc3d987e6f8e20ca600e89964f26
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84bcda975287ae82a621b995a7fa115a14e23819f512f6c901b8f30e344669b8
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
9425e201802508d3508b64c3a5d9e7443d268271ed9536a5fadc2961ec633afa
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
aa26849a271390b7438d49707eccee0cdb2ab86807a1c7a887ebfa2b610adc2f
aaf173c00687da3d4328c0a1593d764175af1cb6708fa79ca5febcdc5f7de161
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af15b40e4f839fe7f714fc9a4440ba68e8d2b31ef649f7cc23dd39e4128ce191
af4ce84d6905c9b51263f61ff822273e5e49cbdf94df508c4b51a18f32d3ddd1
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b2e3ab9534b251c07239751c86eb902321748418201488f575f9b6d701961ff9
b96b64444f7d52c39b5716fe4d3e8d0433c67fb79731a4400188835d97b74bce
bc0a3936137ce5014955202161eebf2311e43cba122a55322a873171c999c1d2
bd8bf3cda6279206a853066016a0dfeb42fd8088b952c866a060b8ce450f0955
beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410
c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236
c33592c7a249c98164b3d533c58fae62ced2b403deab8f2d0cce4c4f1cbb285d
c63e9febd93bec4f7ad13045fde9b201a5e90bd5d972f171ebb2c41a99d3dac7
c72062a60866c674a25f2a5b5d8344e9509c7381a6472f2a484325ac14597ee8
c85ea3de4dbf74f0a5d185421d25c67c38f5225f7761a09fce4f0f4ad515e3ea
c9e86cacbc54e2b07428c2e94ccdc8f3ec12616a23b79420062b93d23813bdd2
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
cd1130fc313fd94cd23665e7ef0806259ea34bb373fe18b6b7c64ae76d2545f4
d0fd8df76a3a6c3e75b447717c0b88fecd4b657507b8f03097f6e6804ed1b3e8
d1a9abb0dc96d5a0fcc121a6de3a2c29c193a91d2f68939080e111b54d01d9e8
d914684a085399f9b850a1e962e66965528830404f7d0764155048d743946580
d9218d98cd999ad151e3b5ff5e2d7021b93f1c806c49ffc1f60a3f476d64747e
db707c392c1c879d068ad124f8d1232613aa29e630a4fbd5e217f618bdff41fb
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e0cf14bd9b2d68af9bc4a25aced4faca68bd477aceec6cbd1d11969015d6391d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c15de058a21dcd2de9176187f534a06c5f430b40a99ceb36a8dc983c6dc370
e9f76eabead93f85fc4dc190dca4b1419dcd76b57b1c22649856b01d3ac2536e
ede067783c02098828dfe0bda385a9913ff79006eb2cd1a406bcc18e66cd7bad
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f69a82e80bb0f4bf2b963cc41704257bb7c27a2830eac8c549898e333a77a68f
fc8df0de40643645e0982d1ac6f5dc3cfcd4a17966ae4e3657771ad7ea75767c
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

duo.com Open in urlscan Pro 13.32.27.69 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

99 Requests

93 %HTTPS

44 %IPv6

31 Domains

50 Subdomains

43 IPs

7 Countries

1695 kBTransfer

4514 kBSize

53 Cookies

8 Outgoing links

Redirected requests

99 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

duo.com Open in urlscan Pro
13.32.27.69 Public Scan

Screenshot
Live screenshot

Full Image

99
Requests

93 %
HTTPS

44 %
IPv6

31
Domains

50
Subdomains

43
IPs

7
Countries

1695 kB
Transfer

4514 kB
Size

53
Cookies

99 HTTP transactions
0 data transactions