URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Submission: On February 26 via api from TR — Scanned from DE

Summary

This website contacted 66 IPs in 5 countries across 49 domains to perform 231 HTTP transactions. The main IP is 34.249.200.254, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 187834.
TLS certificate: Issued by R3 on December 28th 2023. Valid for: 3 months.
This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 34.249.200.254 16509 (AMAZON-02)
42 2600:9000:20c... 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
13 23.53.42.251 20940 (AKAMAI-ASN1)
1 34.111.224.162 396982 (GOOGLE-CL...)
7 2606:4700::68... 13335 (CLOUDFLAR...)
17 140.82.121.3 36459 (GITHUB)
1 99.84.90.44 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 76.76.21.22 16509 (AMAZON-02)
4 76.76.21.93 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 18.66.192.9 16509 (AMAZON-02)
1 185.199.109.154 54113 (FASTLY)
8 2600:9000:26d... 16509 (AMAZON-02)
1 2a02:26f0:310... 20940 (AKAMAI-ASN1)
1 162.159.153.247 13335 (CLOUDFLAR...)
1 146.75.120.157 54113 (FASTLY)
1 4 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a03:2880:f00... 32934 (FACEBOOK)
1 2606:4700:440... 13335 (CLOUDFLAR...)
6 52.28.63.177 16509 (AMAZON-02)
1 18.66.192.32 16509 (AMAZON-02)
1 18.66.192.78 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2600:9000:26d... 16509 (AMAZON-02)
2 2a04:4e42:400... 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
1 52.205.58.74 14618 (AMAZON-AES)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 104.244.42.69 13414 (TWITTER)
1 104.244.42.67 13414 (TWITTER)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.173.154.87 16509 (AMAZON-02)
2 34.111.208.231 396982 (GOOGLE-CL...)
2 100.24.93.87 14618 (AMAZON-AES)
2 2620:1ec:bdf::60 8075 (MICROSOFT...)
1 2a03:2880:f10... 32934 (FACEBOOK)
1 151.101.193.140 54113 (FASTLY)
2 54.201.163.72 16509 (AMAZON-02)
1 35.167.166.227 16509 (AMAZON-02)
2 34.159.227.151 396982 (GOOGLE-CL...)
2 2a02:26f0:310... 20940 (AKAMAI-ASN1)
2 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 20.114.189.135 8075 (MICROSOFT...)
1 185.89.210.122 29990 (ASN-APPNEX)
39 18.66.192.93 16509 (AMAZON-02)
3 172.64.150.44 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 68.219.88.97 8075 (MICROSOFT...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
7 34.193.113.164 14618 (AMAZON-AES)
231 66
Apex Domain
Subdomains
Transfer
50 website-files.com
assets-global.website-files.com — Cisco Umbrella Rank: 5876
assets.website-files.com — Cisco Umbrella Rank: 11200
8 MB
40 driftt.com
js.driftt.com — Cisco Umbrella Rank: 6164
rc-widget-frame.js.driftt.com — Cisco Umbrella Rank: 100804
464 KB
17 github.com
gist.github.com — Cisco Umbrella Rank: 44781
95 KB
15 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5326
c.6sc.co — Cisco Umbrella Rank: 8195
ipv6.6sc.co — Cisco Umbrella Rank: 5498
b.6sc.co — Cisco Umbrella Rank: 3594
41 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 2
google.com — Cisco Umbrella Rank: 1
region1.analytics.google.com — Cisco Umbrella Rank: 2663
39 KB
7 drift.com
bootstrap.api.drift.com — Cisco Umbrella Rank: 6891
customer.api.drift.com — Cisco Umbrella Rank: 7456
metrics.api.drift.com — Cisco Umbrella Rank: 6789
event.api.drift.com
6 KB
7 gstatic.com
www.gstatic.com
fonts.gstatic.com
657 KB
7 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 306
76 KB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 775
v.clarity.ms — Cisco Umbrella Rank: 7405
c.clarity.ms — Cisco Umbrella Rank: 1350
28 KB
6 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 2864
11 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 350
px4.ads.linkedin.com — Cisco Umbrella Rank: 6418
2 KB
4 metadata.io
cdn.metadata.io — Cisco Umbrella Rank: 8499
api-gw.metadata.io — Cisco Umbrella Rank: 21337
4 KB
4 bing.com
bat.bing.com — Cisco Umbrella Rank: 368
c.bing.com — Cisco Umbrella Rank: 249
16 KB
4 hubspotonwebflow.com
hubspotonwebflow.com — Cisco Umbrella Rank: 33793
26 KB
3 zi-scripts.com
js.zi-scripts.com — Cisco Umbrella Rank: 8055
3 KB
3 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2200
17 KB
3 hubspot.com
js.hubspot.com — Cisco Umbrella Rank: 4496
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4414
track.hubspot.com — Cisco Umbrella Rank: 2378
27 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 23841
ibc-flow.techtarget.com — Cisco Umbrella Rank: 21782
2 KB
3 neverbounce.com
cdn.neverbounce.com — Cisco Umbrella Rank: 64652
api.neverbounce.com — Cisco Umbrella Rank: 127868
30 KB
2 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4417
2 KB
2 hsforms.com
perf-na1.hsforms.com — Cisco Umbrella Rank: 4828
forms.hsforms.com — Cisco Umbrella Rank: 4280
2 KB
2 fivetran.com
webhooks.fivetran.com — Cisco Umbrella Rank: 39391
325 B
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4526
forms.hscollectedforms.net — Cisco Umbrella Rank: 4639
26 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1234
10 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 710
script.hotjar.com — Cisco Umbrella Rank: 961
60 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 176
71 KB
2 quora.com
a.quora.com — Cisco Umbrella Rank: 5310
q.quora.com — Cisco Umbrella Rank: 3881
15 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
196 KB
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 502
702 B
1 usbrowserspeed.com
a.usbrowserspeed.com — Cisco Umbrella Rank: 2967
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1399
637 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 102
185 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6553
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 85
246 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 802
727 B
1 t.co
t.co — Cisco Umbrella Rank: 660
378 B
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3178
4 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 5007
88 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2187
22 KB
1 huntresscdn.com
huntresscdn.com — Cisco Umbrella Rank: 6265
112 KB
1 g2crowd.com
tracking.g2crowd.com — Cisco Umbrella Rank: 8103
2 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 783
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 805
16 KB
1 githubassets.com
github.githubassets.com — Cisco Umbrella Rank: 8462
11 KB
1 refokus.com
tools.refokus.com — Cisco Umbrella Rank: 37604
1 KB
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2453
1 KB
1 cloudfront.net
d3e54v103j8qbb.cloudfront.net
31 KB
1 chilipiper.com
js.na.chilipiper.com — Cisco Umbrella Rank: 194802
25 KB
1 huntress.com
www.huntress.com — Cisco Umbrella Rank: 187834
38 KB
231 49
Domain Requested by
42 assets-global.website-files.com www.huntress.com
39 rc-widget-frame.js.driftt.com js.driftt.com
rc-widget-frame.js.driftt.com
17 gist.github.com www.huntress.com
8 assets.website-files.com assets-global.website-files.com
7 b.6sc.co
7 cdn.jsdelivr.net www.huntress.com
cdn.jsdelivr.net
6 tags.srv.stackadapt.com www.huntress.com
tags.srv.stackadapt.com
6 www.gstatic.com www.google.com
www.gstatic.com
5 www.google.com www.huntress.com
www.gstatic.com
www.google.com
4 hubspotonwebflow.com www.huntress.com
hubspotonwebflow.com
4 j.6sc.co www.huntress.com
j.6sc.co
www.googletagmanager.com
3 js.zi-scripts.com www.huntress.com
js.zi-scripts.com
3 px.ads.linkedin.com 2 redirects snap.licdn.com
3 js.hs-banner.com js.hs-scripts.com
js.hs-banner.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
www.huntress.com
2 event.api.drift.com rc-widget-frame.js.driftt.com
2 customer.api.drift.com rc-widget-frame.js.driftt.com
2 bootstrap.api.drift.com rc-widget-frame.js.driftt.com
2 ws.zoominfo.com js.zi-scripts.com
2 c.clarity.ms 1 redirects
2 v.clarity.ms www.clarity.ms
2 ipv6.6sc.co j.6sc.co
2 c.6sc.co j.6sc.co
2 webhooks.fivetran.com huntresscdn.com
2 api-gw.metadata.io cdn.metadata.io
2 www.clarity.ms bat.bing.com
www.clarity.ms
2 api.neverbounce.com cdn.neverbounce.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 google.com www.googletagmanager.com
2 www.redditstatic.com www.huntress.com
www.redditstatic.com
2 cdn.metadata.io www.huntress.com
2 connect.facebook.net www.huntress.com
connect.facebook.net
2 www.googletagmanager.com www.huntress.com
www.googletagmanager.com
1 metrics.api.drift.com rc-widget-frame.js.driftt.com
1 c.bing.com 1 redirects
1 track.hubspot.com
1 secure.adnxs.com j.6sc.co
1 forms.hsforms.com www.huntress.com
1 fonts.gstatic.com www.google.com
1 perf-na1.hsforms.com www.huntress.com
1 forms.hscollectedforms.net js.hscollectedforms.net
1 cta-service-cms2.hubspot.com js.hubspot.com
1 px4.ads.linkedin.com www.huntress.com
1 a.usbrowserspeed.com cdn.metadata.io
1 alb.reddit.com www.huntress.com
1 www.facebook.com www.huntress.com
1 script.hotjar.com static.hotjar.com
1 www.google.de www.huntress.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 analytics.twitter.com www.huntress.com
1 t.co www.huntress.com
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hsadspixel.net js.hs-scripts.com
1 js.hsleadflows.net js.hs-scripts.com
1 js.hubspot.com js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 huntresscdn.com www.huntress.com
1 q.quora.com www.huntress.com
1 trk.techtarget.com www.huntress.com
1 cdn.neverbounce.com www.googletagmanager.com
1 static.hotjar.com www.huntress.com
1 tracking.g2crowd.com www.huntress.com
1 static.ads-twitter.com www.googletagmanager.com
1 a.quora.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 github.githubassets.com gist.github.com
1 js.driftt.com www.huntress.com
1 tools.refokus.com www.huntress.com
1 js.hs-scripts.com www.huntress.com
1 d3e54v103j8qbb.cloudfront.net www.huntress.com
1 js.na.chilipiper.com www.huntress.com
1 www.huntress.com
231 73
Subject Issuer Validity Valid
www.huntress.com
R3
2023-12-28 -
2024-03-27
3 months crt.sh
*.website-files.com
Amazon RSA 2048 M03
2023-09-11 -
2024-10-08
a year crt.sh
www.google.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
6sc.co
R3
2024-01-29 -
2024-04-28
3 months crt.sh
chilipiper.com
GoGetSSL RSA DV CA
2024-02-05 -
2025-03-07
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-02 -
2024-05-01
a year crt.sh
*.github.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-02-16 -
2024-03-15
a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh
tools.refokus.com
R3
2024-02-20 -
2024-05-20
3 months crt.sh
*.hubspotonwebflow.com
R3
2024-01-14 -
2024-04-13
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
drift.com
Amazon RSA 2048 M02
2023-08-15 -
2024-09-11
a year crt.sh
*.githubassets.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-28 -
2024-09-27
a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
quora.com
R3
2024-01-07 -
2024-04-06
3 months crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-21 -
2024-07-19
a year crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02
2024-01-21 -
2024-06-27
5 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-12-05 -
2024-03-04
3 months crt.sh
*.srv.stackadapt.com
Amazon RSA 2048 M02
2023-09-09 -
2024-10-07
a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M03
2024-02-07 -
2025-03-08
a year crt.sh
neverbounce.com
Amazon RSA 2048 M03
2024-01-29 -
2025-02-25
a year crt.sh
*.metadata.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-29 -
2025-01-28
a year crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-01-08 -
2024-07-06
6 months crt.sh
*.google.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.quora.com
R3
2023-12-17 -
2024-03-16
3 months crt.sh
huntresscdn.com
Cloudflare Inc ECC CA-3
2023-05-10 -
2024-05-09
a year crt.sh
hubspot.com
Cloudflare Inc ECC CA-3
2024-01-06 -
2024-12-31
a year crt.sh
t.co
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-01-07 -
2025-01-06
a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-31 -
2024-10-29
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
www.google.de
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
ibc-flow.techtarget.com
GTS CA 1D4
2024-01-13 -
2024-04-12
3 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1
2023-12-07 -
2024-12-07
a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1
2024-01-15 -
2024-07-13
6 months crt.sh
a.usbrowserspeed.com
Amazon RSA 2048 M02
2024-01-01 -
2025-01-29
a year crt.sh
webhooks.fivetran.com
R3
2024-01-28 -
2024-04-27
3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-01-30 -
2024-07-30
6 months crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 01
2024-01-14 -
2024-06-27
5 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
*.drift.com
Amazon RSA 2048 M01
2023-07-03 -
2024-07-31
a year crt.sh
zi-scripts.com
GTS CA 1P5
2024-01-30 -
2024-04-29
3 months crt.sh
zoominfo.com
E1
2024-02-20 -
2024-05-20
3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Frame ID: 77BD60F92D76F5145C0E5AE68C0ED42A
Requests: 168 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
Frame ID: 37EEF5B69AB2D4AD3FA7AB8F8787C218
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC
Frame ID: 57140212AEDB0391BD372866FA20D5C9
Requests: 3 HTTP requests in this frame

Frame: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Frame ID: 1B1CB7EA88216437205745E4D262E93C
Requests: 45 HTTP requests in this frame

Page Title

SlashAndGrab: ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708)

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

231 Requests
98 % HTTPS
52 % IPv6
49 Domains
73 Subdomains
66 IPs
5 Countries
10411 kB Transfer
16142 kB Size
58 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 144
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708 HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&cookiesTest=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&cookiesTest=true&e_ipv6=AQJLcFJ8uUXf0AAAAY3jL3-FlVyB0uFgiataIsyTfTvII8xequoJ0uKovxDYOwX2CqTmf1mY
Request Chain 173
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=C2B146F6338848BAB601A61E0EC6DF2A&RedC=c.clarity.ms&MXFR=19CBBC8B85A86A31367DA8BA81A8641E HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C2B146F6338848BAB601A61E0EC6DF2A&MUID=0C1A49778B4D6A0026B25D468A266BAC

231 HTTP transactions

Primary Request: slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708 (path www.huntress.com/blog/), Size 137 KB, x-fer 38 KB, Type Document

General
Full URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.249.200.254 Dublin, Ireland, ASN16509 (AMAZON-02, US)
Reverse DNS: ec2-34-249-200-254.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 357da7296593e1a9c79ae53bb37df9b0c2fea4268009be8e0ae70bd356d77602

Security Headers
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
accept-ranges: bytes
age: 38951
content-encoding: gzip
content-length: 37987
content-security-policy: frame-ancestors 'self'
content-type: text/html
date: Mon, 26 Feb 2024 02:12:35 GMT
referrer-policy: origin
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: HIT, HIT
x-cache-hits: 3, 1
x-cluster-name: eu-west-1-prod-hosting-red
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-lambda-id: ce0b77a5-7a59-4096-93d3-af88626cd3cc
x-served-by: cache-iad-kjyo7100029-IAD, cache-dub4323-DUB
x-timer: S1708913555.065721,VS0,VE1
x-xss-protection: 1; mode=block
huntress-new.062b0308b.min.css
assets-global.website-files.com/6579dd0b5f9a54376d296915/css/
317 KB
53 KB
Stylesheet
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
35cdb3c0ae5a9a8e2e65cd7a67fc96efb738547b63efb73d35ef43297eb548b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
QncsA2JTUBb0cpKupo21mEMdXmxqqlgT
content-encoding
gzip
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 02:12:35 GMT
age
10954
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
54164
last-modified
Sat, 24 Feb 2024 00:08:01 GMT
server
AmazonS3
etag
"9597b65a690ce1fcfb3ba248b9f94863"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
w564alHohxSmZsVOuBQG7Vj504ZUghXOCZomf_Cnuw0la0OQqCgWeA==
api.js
www.google.com/recaptcha/
1 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
510c92405ce7edbe9ee2be774b3cd37d4da696b91e5670da4f1cdcf2dd92285d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 26 Feb 2024 02:12:35 GMT
8769192b-20ba-4df2-8d62-2740a805c3e8.js
j.6sc.co/j/
1002 B
909 B
Script
General
Full URL
https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
215162d385055d4248ce3810f5294fb0e1a857b2b18997d00805ca98f480fc79

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
UrRvP5epIIYMFKpHnUIiG3eAjq1aSOQ0
content-encoding
gzip
date
Mon, 26 Feb 2024 02:12:35 GMT
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
x-amz-meta-content-type
application/json
content-length
511
pragma
no-cache
last-modified
Mon, 04 Dec 2023 23:24:23 GMT
server
AmazonS3
etag
"c6115ff14d497b0e4a2d9c497d7ad5d9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
x-amz-cf-id
1cMUqct4lS3dnFs1QnnCF2L2xewileduHCY9gqeqe1orKrf0ikqkNg==
expires
Mon, 26 Feb 2024 02:12:35 GMT
marketing.js
js.na.chilipiper.com/
73 KB
25 KB
Script
General
Full URL
https://js.na.chilipiper.com/marketing.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.224.162 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
162.224.111.34.bc.googleusercontent.com
Software
/
Resource Hash
02c65a6d1cdc752f31b0be2157d9c6f65e72c7f3e781eea941bd848caf8a332e
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com 
https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com 
https://hooks.slack.com 'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:11 GMT
content-encoding
gzip
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
25
content-security-policy
default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 
'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22403
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 02:04:51 GMT
etag
W/"65d2b743-122e0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=60, must-revalidate
x-cache-hit
hit
x-content-security-policy
default-src 'self' blob: data: wss://*.chilipiper.com wss://*.chilipiper.io wss://*.chilipiper.cool wss://*.chilipiper.team https://*.chilipiper.com https://*.chilipiper.io https://*.chilipiper.cool https://*.chilipiper.team https://www.google-analytics.com https://www.googletagmanager.com https://static2.sharepointonline.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://*.rollout.io https://*.facebook.com https://*.marketo.com https://*.mixpanel.com https://*.hubspot.com https://*.pardot.com https://*.getdrip.com https://*.google.com https://*.googleapis.com https://*.hsforms.net https://*.clearbit.com https://www.youtube.com https://s3.amazonaws.com https://sentry.io https://cdn.ravenjs.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://twemoji.maxcdn.com https://*.cloudfront.net https://intercom-sheets.com https://static.intercomassets.com https://js.intercomcdn.com https://cdn.segment.com https://api.segment.io https://maxcdn.bootstrapcdn.com https://*.intercom.io https://*.mutinycdn.com https://*.mutinyhq.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.bugsnag.com https://zoom.us https://*.gotomeeting.com https://*.rollout.io https://*.codox.io https://cdn.tiny.cloud https://js.stripe.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://chilipiper.zendesk.com wss://*.zopim.com https://*.googleusercontent.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.googleadservices.com https://*.digitaloceanspaces.com https://*.ingest.sentry.io https://canny.io/sdk.js https://changelog-widget.canny.io https://edge.fullstory.com https://rs.fullstory.com https://*.lr-in-prod.com https://polyfill.io https://*.planhat.com https://*.sprig.com https://com-chilipiper-prod1.mini.snplow.net https://com-chilipiper-prod1.collector.snplow.net https://fast.chameleon.io https://js.chargify.com https://selfservice.maxio.com https://hooks.slack.com 
'unsafe-inline'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; img-src * data: blob: 'unsafe-inline';
slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/
2 KB
1 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:5614, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
8111178
x-jsd-version
1.8.1
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220022-FRA, cache-vie6377-VIE
x-jsd-version-type
version
server
cloudflare
etag
W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PI8k9JD5Z6Tajxw8Dl%2BQcz3wdVb7NM06IMFwHhFrLFqDP4BbRHzRj8NQZqO7Z5tSyyZyc058zwa%2FOxM5HhYp7KRVE6MKBSwE7OkYmDDQXMImi4XQcQlUhvzY6Q8qomghKxlUS%2FcemI8wwK%2BpqnE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
85b4a9f7d985451c-TXL
swiper-bundle.min.css
cdn.jsdelivr.net/npm/swiper@11/
18 KB
5 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:5614, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
a283a43e2ac897a9d4f4437afa0ee2f13bd9941612142e4696f623092e44f170
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
9106
x-jsd-version
11.0.6
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230090-FRA, cache-lga21935-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"4803-PbrKmT/DPndAJ7kYajUo+uK4NVI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jj9LqSnpWCBvxdt7Lizuif2ZL9GjWLtE5Y4px1a%2FHThk5wUb%2Fh6NZZLR4CpVMVHuB7I13A0%2FFe46v7UmEGOif14zgNM4J%2F3%2BHofpbqQY6jbTjeG9olU%2BiUBV7%2FQHPA%2FDdbrrQw7luiHpOnGQ6X4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
85b4a9f7d987451c-TXL
richtext.js
cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/
8 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:5614, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
12744
x-jsd-version
1.10.2
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230082-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"2147-I41v+oq443LPQB6aPqMil27q9QY"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1KsEYKORZTLEiDGbpGn0KfvqC11mDdz4sxkWslipQitjslkyHBFR2RA8R3ZBJHnR8iFXQG1x8evcXQcBTUwma5cr0VI5VwbmEioYFVXNZiZ%2FGXqDI6dutE2ecC1soxN9y2lmnOqDn8%2BS64Oesbw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
85b4a9fcfd65451c-TXL
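The three cdn.jsdelivr.net assets above show two different supply-chain postures in the same page: `slick-carousel@1.8.1` is pinned to an exact version and jsDelivr serves it as `immutable`, whereas `swiper@11` and `@finsweet/attributes-richtext@1` are floating major-version tags that jsDelivr resolved on this scan to `11.0.6` and `1.10.2` (see `x-jsd-version`) and caches only for `s-maxage=43200`. The script below is an added example, not code from the page, from urlscan or from Huntress; it takes each asset's Resource Hash (assumed here to be the SHA-256 of the decoded response body) and turns it into the Subresource Integrity value that would pin those exact bytes, and flags URLs whose version tag floats, because an `integrity` attribute on a floating tag will start failing the moment the CDN serves the next release. Before shipping any integrity value, hash a fresh download yourself rather than trusting a third-party scan's digest.

```python
"""Turn a scan's SHA-256 Resource Hash into SRI metadata and check jsDelivr version pinning."""
import base64
import hashlib
import re

# Constructed from this scan: the three jsDelivr assets and their listed Resource Hash.
# Assumption: the Resource Hash is the SHA-256 of the decoded (not brotli-compressed) body.
SCANNED_ASSETS = {
    "https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css":
        "de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5",
    "https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css":
        "a283a43e2ac897a9d4f4437afa0ee2f13bd9941612142e4696f623092e44f170",
    "https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js":
        "2c699eb55ae3fe61b3d783c8936ab1eb949c596a5c89118f703e328ede2b8308",
}

# jsDelivr npm URL shape: /npm/[@scope/]name@version/path ; capture the version part.
JSDELIVR_NPM = re.compile(r"^https://cdn\.jsdelivr\.net/npm/(?:@[^/@]+/)?[^/@]+@([^/]+)/")
# Only an exact semver (optionally with a pre-release suffix) counts as pinned.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$")


def jsdelivr_version(url: str):
    """Version segment of a jsDelivr npm URL, or None if the URL is not one."""
    m = JSDELIVR_NPM.match(url)
    return m.group(1) if m else None


def is_pinned(url: str) -> bool:
    """True for swiper@11.0.6, False for a floating tag such as swiper@11."""
    version = jsdelivr_version(url)
    return bool(version and EXACT_SEMVER.match(version))


def sri_from_hex(sha256_hex: str) -> str:
    """SRI metadata is 'sha256-' followed by base64 of the raw digest, not of the hex string."""
    return "sha256-" + base64.b64encode(bytes.fromhex(sha256_hex)).decode("ascii")


def body_matches(body: bytes, sha256_hex: str) -> bool:
    """What the browser does at load time: hash the fetched bytes and compare."""
    return hashlib.sha256(body).hexdigest() == sha256_hex.lower()


def integrity_tag(url: str, sha256_hex: str) -> str:
    """Emit the pinned tag; crossorigin is required for SRI on a cross-origin CDN."""
    integrity = sri_from_hex(sha256_hex)
    if url.endswith(".css"):
        return f'<link rel="stylesheet" href="{url}" integrity="{integrity}" crossorigin="anonymous">'
    return f'<script src="{url}" integrity="{integrity}" crossorigin="anonymous"></script>'


def audit(assets: dict) -> dict:
    """Per asset: is the URL version-pinned, and which integrity value pins the bytes seen?"""
    return {url: {"pinned": is_pinned(url), "integrity": sri_from_hex(digest)}
            for url, digest in assets.items()}


if __name__ == "__main__":
    for url, info in audit(SCANNED_ASSETS).items():
        note = "" if info["pinned"] else "   <- floating tag: SRI breaks on the next CDN release"
        print(f"{url}\n    {info['integrity']}{note}")
```

Running it lists an `integrity` value for each asset and marks `swiper@11` and `attributes-richtext@1` as floating; the fix for those is to pin the URL to the resolved version (`swiper@11.0.6`, `attributes-richtext@1.10.2`) and only then add the integrity attribute.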
51bec3826690a61dbac53ab30f700a18.js
gist.github.com/Purp1eW0lf/
6 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/51bec3826690a61dbac53ab30f700a18.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
140.82.121.3, Frankfurt am Main, Germany, ASN36459 (GITHUB, US)
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
056c1561d3bb28028f13b2d358a359dd7c1666b1e1293cbfffe0e14fb5225076
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com 
github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1598
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D41C:21F38FD:65DBF393
etag
W/"056c1561d3bb28028f13b2d358a359dd"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
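The two policies captured in this scan sit at opposite ends of the spectrum: the `x-content-security-policy` value earlier on the page is a long allow-list with `'unsafe-inline'` inside `default-src`, while GitHub answers the gist embed requests with `default-src 'none'` and a single host in `script-src`. The evaluator below is an added example, not code from the page, from urlscan, Huntress or GitHub; it models the CSP3 source-matching rules in simplified form (no nonces, hashes, `'strict-dynamic'`, redirects or port wildcards) and uses trimmed copies of both policies as constructed inputs. Two caveats the raw headers do not spell out: a policy delivered on a script response, as on the gist `.js` above, constrains nothing, because only the policy of the document (here the huntress.com page) governs what that page may load; and `X-Content-Security-Policy` is the pre-standard header name that current browsers ignore, so only a `Content-Security-Policy` header is actually enforced.

```python
"""Simplified CSP source-list evaluator, modelled on the CSP3 matching rules."""
from urllib.parse import urlsplit

# Constructed test inputs: both policies from this scan, trimmed to the directives
# exercised below. PERMISSIVE_CSP is the x-content-security-policy allow-list;
# GITHUB_CSP is what GitHub returns with the gist embed scripts.
PERMISSIVE_CSP = (
    "default-src 'self' blob: data: https://cdn.jsdelivr.net https://*.chilipiper.com "
    "https://canny.io/sdk.js 'unsafe-inline'; img-src * data: blob:"
)
GITHUB_CSP = (
    "default-src 'none'; script-src github.githubassets.com; "
    "style-src 'unsafe-inline' github.githubassets.com; frame-ancestors 'none'; "
    "img-src 'self' data: *.githubusercontent.com"
)

# Fetch directives that fall back to default-src when absent; frame-ancestors,
# form-action and base-uri deliberately do not.
FALLS_BACK = {"script-src", "style-src", "img-src", "font-src", "connect-src",
              "frame-src", "media-src", "worker-src", "manifest-src"}
DEFAULT_PORT = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def parse_csp(policy: str) -> dict:
    """Split a policy into {directive: [source expressions]}; the first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def governing(directives: dict, directive: str):
    """The source list that governs `directive`, or None when nothing restricts it."""
    if directive in directives:
        return directives[directive]
    if directive in FALLS_BACK:
        return directives.get("default-src")
    return None


def source_matches(expr: str, url: str, page_origin: str) -> bool:
    """Does one source expression match a URL fetched by a document at page_origin?"""
    e, u, p = expr.lower(), urlsplit(url), urlsplit(page_origin)
    if e == "'none'":
        return False
    if e == "'self'":
        return (u.scheme, u.hostname, u.port or DEFAULT_PORT.get(u.scheme)) == \
               (p.scheme, p.hostname, p.port or DEFAULT_PORT.get(p.scheme))
    if e.startswith("'"):  # 'unsafe-inline', nonces and hashes never match a URL
        return False
    if e == "*":  # any network scheme, or the page's own scheme
        return u.scheme in DEFAULT_PORT or u.scheme == p.scheme
    if e.endswith(":") and "/" not in e:  # scheme-source such as data: or blob:
        return u.scheme == e[:-1]
    # host-source: [scheme://]host[:port][/path]
    scheme, _, rest = e.rpartition("://")
    scheme = scheme or p.scheme  # a scheme-less expression inherits the page scheme
    hostport, _, path = rest.partition("/")
    host, _, port = hostport.partition(":")
    if u.scheme != scheme and not (scheme == "http" and u.scheme == "https"):
        return False
    target = u.hostname or ""
    if host.startswith("*."):
        if not target.endswith(host[1:]):  # *.x.com matches a.x.com but not x.com
            return False
    elif target != host:
        return False
    if port and port != "*" and str(u.port or DEFAULT_PORT.get(u.scheme)) != port:
        return False
    if path:  # a trailing slash means prefix match, otherwise the path must be exact
        path = "/" + path
        return u.path.startswith(path) if path.endswith("/") else u.path == path
    return True


def allows(policy: str, directive: str, url: str, page_origin: str) -> bool:
    """Would a document at page_origin that ships `policy` be allowed to load url?"""
    sources = governing(parse_csp(policy), directive)
    if sources is None:
        return True
    return any(source_matches(e, url, page_origin) for e in sources)


def allows_inline(policy: str, directive: str) -> bool:
    """Is inline script/style permitted? (Ignores the nonce/hash override of 'unsafe-inline'.)"""
    sources = governing(parse_csp(policy), directive)
    return sources is None or "'unsafe-inline'" in [s.lower() for s in sources]
```

With the permissive policy, every jsDelivr script and any inline script is allowed because `script-src` is absent and falls back to a `default-src` that carries `'unsafe-inline'`; with GitHub's policy, the same jsDelivr URL is refused and only `github.githubassets.com` may supply script. Exact-path sources such as `https://canny.io/sdk.js` match only that path, and `*.chilipiper.com` matches subdomains but not the apex.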
65d8d3206a202b5a181d5d8d_eM_PFA2N_ELbNRPOxRdQJowafeW9RDWt7uEd-3f2_Ee2K03eBWVJn13B-k7SG0sTksqW7tqU4soD7u0lvlT0J9QoQ6V0wbCMtmkrJ_ubp7A3btTWBBbur7N8fK02MMYvC80yxMLY_InW44zefG4BwQM.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
178 KB
178 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d3206a202b5a181d5d8d_eM_PFA2N_ELbNRPOxRdQJowafeW9RDWt7uEd-3f2_Ee2K03eBWVJn13B-k7SG0sTksqW7tqU4soD7u0lvlT0J9QoQ6V0wbCMtmkrJ_ubp7A3btTWBBbur7N8fK02MMYvC80yxMLY_InW44zefG4BwQM.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
d96ef1be8c45a457c2e1c8b213dac3a4ea3d3f16a79feaa7e7e555c9c28d9414

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
HaLpmZm3_mLPnUWxB2JMK8mRfgIobxPj
date
Sun, 25 Feb 2024 04:30:43 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
78113
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
182100
last-modified
Fri, 23 Feb 2024 17:17:21 GMT
server
AmazonS3
etag
"ffa20f00ab140e4dec0960547be05fa6"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
JSd_znxxK7f0iyOpr9EzB_iGs_vXVfmPcZvRrDZ9hF89P4vYdvhc8w==
65d8d32081beb854be313845_KP59cwJDXaqmRT4uzSAzQ1Q-Jq_4jBTrFTWvzpQ1yi-u7Al8F4VYzqORCfBFqF1n5QfEoh3AYrqw9esODSBtFCgKohGGZju76j6-UfshLo89vsgu2r-fd8ztCT-v0MmofnvJUYPSVTpa3nELKCenwqo.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
392 KB
393 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d32081beb854be313845_KP59cwJDXaqmRT4uzSAzQ1Q-Jq_4jBTrFTWvzpQ1yi-u7Al8F4VYzqORCfBFqF1n5QfEoh3AYrqw9esODSBtFCgKohGGZju76j6-UfshLo89vsgu2r-fd8ztCT-v0MmofnvJUYPSVTpa3nELKCenwqo.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
80a8f1e40e10bdf26d3b30f8c9440f148db3998a3ef39bac42e075101f1d8cb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
lpUYXu4GjntsXXGTrImFBSlWZlpkWQjw
date
Mon, 26 Feb 2024 02:12:35 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23904
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
401642
last-modified
Fri, 23 Feb 2024 17:17:21 GMT
server
AmazonS3
etag
"d59ef42083a04cafcb33a12eecadee99"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
6TxJS4Mdjh8x3GwBR6-VTIVm09bjiljv3cdGidl29ZQ-oB4lMYUxFQ==
337ee203dc2a2d85354a24e139ee4285.js
gist.github.com/Purp1eW0lf/
4 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/337ee203dc2a2d85354a24e139ee4285.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
140.82.121.3, Frankfurt am Main, Germany, ASN36459 (GITHUB, US)
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
c733e71b5001a73229e513824c09657832ecd2d983256196f0fcacedeae7f24a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com 
github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1408
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D493:21F395C:65DBF393
etag
W/"c733e71b5001a73229e513824c096578"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8d35c993757174178f46f_t4p-Ex2rBzyHavjfK1RpAtzLvoxu7O3iZoF3x0r6QqCvtPsDn7gRNb6wGYtRVOeR-4lyT7BqKqVAwYx-KTGF1lvqI-0brPW9kWZ2efwPFHFnSwDr-0Yzh4uOb16sbeYG0_xsULdNXa9oWRnSa-ZD8f8.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
205 KB
206 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d35c993757174178f46f_t4p-Ex2rBzyHavjfK1RpAtzLvoxu7O3iZoF3x0r6QqCvtPsDn7gRNb6wGYtRVOeR-4lyT7BqKqVAwYx-KTGF1lvqI-0brPW9kWZ2efwPFHFnSwDr-0Yzh4uOb16sbeYG0_xsULdNXa9oWRnSa-ZD8f8.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
97aea06a922faa1b6da2c398091124547eef7b7464168e650ceb8a704ea46da2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
WtniO5hi_kFL_qQFSbQNPkPAiDgFN8dV
date
Mon, 26 Feb 2024 02:12:35 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23904
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
210231
last-modified
Fri, 23 Feb 2024 17:18:21 GMT
server
AmazonS3
etag
"52c624632d619b09951345af509a6881"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
dUDeMYV6vrQ5D2F9tNihhhySi_Kb66rNxpsQJWVdYpvCu6wrorYi1g==
65d8d37a37dfe96ab41875ca_cy8h2uKmxlADCQKoYeQK2xXRw5fDqGUSmc48tygPrO0J5CkR9Tbh8-PsaXuDmWKlpOuOflyHxeypTSQuHheyKP6wTM5IOfowouS9jb4eLdzqhB1uAIuQSW1Awsy7CJEugLvChJdoXPWIk-alYJa0EZY.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
1 MB
1 MB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d37a37dfe96ab41875ca_cy8h2uKmxlADCQKoYeQK2xXRw5fDqGUSmc48tygPrO0J5CkR9Tbh8-PsaXuDmWKlpOuOflyHxeypTSQuHheyKP6wTM5IOfowouS9jb4eLdzqhB1uAIuQSW1Awsy7CJEugLvChJdoXPWIk-alYJa0EZY.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c67fbfab07bbad154d44a3879e7ebba6297a3b7553a45d36f8d50ef26881d7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
OlZu84y.p3N06jiu7lx6Z7tr5b4MCKJr
date
Mon, 26 Feb 2024 02:12:35 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23904
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1082475
last-modified
Fri, 23 Feb 2024 17:18:51 GMT
server
AmazonS3
etag
"1770d951888186b764f62decb4b15b62"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
eQpiRmuOTIJFLFwfs6emzz9t0ksWCkG6RO8O36JRSpupJlUM3fWRjw==
65d8d37ac398c2d086d0e019_BN4_vdaEhcprtUY6LXdJWWjIy3y9vhgX5N_q-QyCWScaL7sqQcYuTQaWRgQx-tIrSf0FI_IUL0vYtQ8dzaNH2rlDfnc5kNRSW9WSxNxURLuXOZSFyRxkCuf4ira1v8mYGYL1L7mavzuKS5_4krLy8VI.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
248 KB
249 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d37ac398c2d086d0e019_BN4_vdaEhcprtUY6LXdJWWjIy3y9vhgX5N_q-QyCWScaL7sqQcYuTQaWRgQx-tIrSf0FI_IUL0vYtQ8dzaNH2rlDfnc5kNRSW9WSxNxURLuXOZSFyRxkCuf4ira1v8mYGYL1L7mavzuKS5_4krLy8VI.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
bb52f110beaa48ccb97f26c20630e3bab10a5547aecd2b8c1907c493f42b4469

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
PtpAdS3eNLVkkxd6OJarV_nKWlZ7vxvR
date
Mon, 26 Feb 2024 02:12:35 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23903
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
253939
last-modified
Fri, 23 Feb 2024 17:18:51 GMT
server
AmazonS3
etag
"8663a3aa7dddcf7c6216c0d54ba74016"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
TxsiLzID2YRg6gpN-n3P4jFa1gbzdo3QsxC4dCy213Tn1Jy2QvEV_Q==
4494103c6677e87832f8a0c9388315b5.js
gist.github.com/Purp1eW0lf/
4 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/4494103c6677e87832f8a0c9388315b5.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
140.82.121.3, Frankfurt am Main, Germany, ASN36459 (GITHUB, US)
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
6155b0d259f8add5f53f6d44ca1dbd635494b9383590834b8f5a653db3f40193
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com 
github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1424
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D51E:21F3A10:65DBF393
etag
W/"6155b0d259f8add5f53f6d44ca1dbd63"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8d417eb7e58bfad0192d3_lEJBifoA_Ulorbgec52m8Fin0kOVqpD1w0GrbYsV8sYx30tjYg3wTTDiRgyZvifgmsKhm-M-peYfeMzBBrzr6HWml4gakE8BVB6uQd654s69E2o7nvYehmyZ1KNm9ZAuwOWpZZXGCs0LlsPCjiLqibU.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
353 KB
354 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d417eb7e58bfad0192d3_lEJBifoA_Ulorbgec52m8Fin0kOVqpD1w0GrbYsV8sYx30tjYg3wTTDiRgyZvifgmsKhm-M-peYfeMzBBrzr6HWml4gakE8BVB6uQd654s69E2o7nvYehmyZ1KNm9ZAuwOWpZZXGCs0LlsPCjiLqibU.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
643d8860646b831f3730ac8c62b2fd1cba78f4e7afd829816e59746fd3e67320

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
VbtYCfAdbXA1Dj9Hk.255NwT6zJgJHaF
date
Sun, 25 Feb 2024 04:55:28 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
76629
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
361752
last-modified
Fri, 23 Feb 2024 17:21:28 GMT
server
AmazonS3
etag
"79543a0691b4d955fb0ce4cd6e0539c0"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
mjk7x3BsD2NnUJanDtBfdgitB7p0_A2yPBNo93EOM6ur-DvMpB7frg==
65d8d417ab1ab015a6ef8b73_WHIo3mo2HlzAktGXnHSbUjRSeTvVcDxN3bXc3YQ4iA_OcSdRFkfnD-vuE7yi4SOE_dDDbecnZU7qyHlSi5q6oQo4UlKZa5DS8P7vCYmF_qGNnBPgy52p5WnF3O8MHwumn7HCAFUfcHOTPTScjvhNBsw.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
255 KB
256 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d417ab1ab015a6ef8b73_WHIo3mo2HlzAktGXnHSbUjRSeTvVcDxN3bXc3YQ4iA_OcSdRFkfnD-vuE7yi4SOE_dDDbecnZU7qyHlSi5q6oQo4UlKZa5DS8P7vCYmF_qGNnBPgy52p5WnF3O8MHwumn7HCAFUfcHOTPTScjvhNBsw.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
80453d3b11578c329f81da100084af8ea743bf6e608359ce9b81f4e803e3cc34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
X0SW16_tW4iwglA6qFUI8J7Z3bG9fDzF
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23903
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
260853
last-modified
Fri, 23 Feb 2024 17:21:28 GMT
server
AmazonS3
etag
"11e35821ee62dd81b52eb4cf9a815a51"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
S7CotSEK76ZXh8cZ0zy-2xufk9UWRQ7Uj48b9mXXX3kapx9Jqw2_kw==
048e4b13cdd9d503884d473da4eb6f09.js
gist.github.com/Purp1eW0lf/
8 KB
6 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/048e4b13cdd9d503884d473da4eb6f09.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
ecd9220d624977081133536d2847704ec997aa1f22256cd958083a7076e863b0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com 
github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1760
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D526:21F3A17:65DBF393
etag
W/"ecd9220d624977081133536d2847704e"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8d467b790b817c6f2f41e_5oKmL60gSGS8gRqpaPKADnAxTI4l9UGnNq4wEIFelN7pvaqsxG4vOvxeghgb7otyyLUwj3fakUdwVFYFVAO2LGyWP9aKjVnfFtzDTqsBfyv2-9caqPbn_Lsf3esetDjAZjNKtoO695HOqvJrFtFyYvE.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
297 KB
298 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d467b790b817c6f2f41e_5oKmL60gSGS8gRqpaPKADnAxTI4l9UGnNq4wEIFelN7pvaqsxG4vOvxeghgb7otyyLUwj3fakUdwVFYFVAO2LGyWP9aKjVnfFtzDTqsBfyv2-9caqPbn_Lsf3esetDjAZjNKtoO695HOqvJrFtFyYvE.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1c30c3b29c0f7ccf7d7fbab85e43c283eae2fbf73b8576259047a904688cecd1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
bv7WsjcBDvG7FTh28T7h4y0bR4GFrvB.
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23903
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
303843
last-modified
Fri, 23 Feb 2024 17:22:48 GMT
server
AmazonS3
etag
"d0ababa9615bb0d5507926fed76d3c88"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
3xnuzbp-8rGKF4o-0kMKC3bRdNZ0B78MFAceteYt2GDGsigtQUtJdA==
65d8d481cc826bdbb35a3ec5_gHHZp3TbxFn7qELTgVLo0u4kiZvi8DIQ-F5oTEcwV4Cxo-TdGJUKdB5jgi5dtuqUtnfSz4y5dG7A8959IC9zJH1eYqydx0kCsbwtaifcWM6QU2nF0vbs2z-hwEL79MaXJYbydk0at9xvb8__H6m0om0.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
206 KB
206 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d481cc826bdbb35a3ec5_gHHZp3TbxFn7qELTgVLo0u4kiZvi8DIQ-F5oTEcwV4Cxo-TdGJUKdB5jgi5dtuqUtnfSz4y5dG7A8959IC9zJH1eYqydx0kCsbwtaifcWM6QU2nF0vbs2z-hwEL79MaXJYbydk0at9xvb8__H6m0om0.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9e1c437bf016e0f39814c0bf143ae6e33818428bda6b93fbaad3dd809f981baa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
a8m6_lfrLAVRDsZmPZdQrG0u0VPp7BBq
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
60162
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
210474
last-modified
Fri, 23 Feb 2024 17:23:14 GMT
server
AmazonS3
etag
"06e863da97562c8388e8e3725bcf0471"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
1JzHXPaPF8KkAhXP6bhqD3xXdOxFdTjsOfL-JC6OGrF1ixgP-qj3hw==
af7f39666433c2d6de709da7a81746ea.js
gist.github.com/Purp1eW0lf/
11 KB
6 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/af7f39666433c2d6de709da7a81746ea.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
e714aa7cffbf3e68e53014c24faab07d3b3d56029105588e4088b6b57d6a95c1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com 
github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
2044
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D59A:21F3A89:65DBF393
etag
W/"e714aa7cffbf3e68e53014c24faab07d"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8d66e0ebdc61a1354b1a4_95O08vFCV1rVXC7iasZyt4RZt6LAmzp-C1LS5wOrme2Ps5gPMpe7jeFPCvsMT-C3KHIsC5USzaFkUw0StwDGHD-zAZsMUfQVTGqSbHB4edDV-ank03NLLIIQxOPEstYEEmpww04n8GT84hA9kTve3GU.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
296 KB
297 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d66e0ebdc61a1354b1a4_95O08vFCV1rVXC7iasZyt4RZt6LAmzp-C1LS5wOrme2Ps5gPMpe7jeFPCvsMT-C3KHIsC5USzaFkUw0StwDGHD-zAZsMUfQVTGqSbHB4edDV-ank03NLLIIQxOPEstYEEmpww04n8GT84hA9kTve3GU.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c27662ee6163c22fcf55b64766e46e6bc6f8429232fba57aca5c967971837989

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
ArrG6AtBhe7TwzO.8psrzK.GMj_GLU6u
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23903
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
303283
last-modified
Fri, 23 Feb 2024 17:31:27 GMT
server
AmazonS3
etag
"341b57bdc2712bc93f73f60aaa0c91f6"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
rwmjvFNdN0cuLQdrFEhFJloh4MzWXEQhDs3gOgK8AohgLpMOvJMKzw==
debc58b73066fa0185f54eab5660080b.js
gist.github.com/Purp1eW0lf/
6 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/debc58b73066fa0185f54eab5660080b.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
12005f8d2938977c1ebf281dcbd9217acacd7ae9fe0bf2f2c3fed272e0cbe37c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:35 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1608
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D59E:21F3A94:65DBF393
etag
W/"12005f8d2938977c1ebf281dcbd9217a"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8d6d91d83fafce4bedb65_-CdaKwztqQA5A2m8PZD4YVhZbncGcrXst6tr5SViHlnFkxIkRSvDzqD5jVu4PoMjEgqnobGm_i1a36y8gAblPp5cRVzQoLVGm8KDoYtF4AIyn9IVsqgc5V-RQW-eAgztfWVQomYJ4seukRrEnjMwwUM.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
221 KB
222 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d6d91d83fafce4bedb65_-CdaKwztqQA5A2m8PZD4YVhZbncGcrXst6tr5SViHlnFkxIkRSvDzqD5jVu4PoMjEgqnobGm_i1a36y8gAblPp5cRVzQoLVGm8KDoYtF4AIyn9IVsqgc5V-RQW-eAgztfWVQomYJ4seukRrEnjMwwUM.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d8afbe76deadd8b4fe953f3333f82ca74e60f627ca7133f54455e8df4e0b47fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
pO2mPImv.ccxfLj59BLq1wxRKQW9tDxs
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23902
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
226286
last-modified
Fri, 23 Feb 2024 17:33:14 GMT
server
AmazonS3
etag
"6c77527ca667218f24226262b4103a3d"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
8BQfCVq3F8JcTEx-E-PnYaU1jrp8DDEyHvZET8qLwY3YVExM_XMIWA==
65d8d6f2070ef7ee2bf8e029_4EFVaJIWC8ULTW8umUfKQjdvcIV9BbIbkIVIkuq6MR2Xnvf7Fi2broV0T9qFkvHmrxGcqKFpRRK9ahcspxXS15J3MV2jXxIHMz_E7IJlwghj9MUie5K2YlODq2OvVn9cuOD_0fAHUy5kP3Cq3qVs_FA.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
227 KB
228 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d6f2070ef7ee2bf8e029_4EFVaJIWC8ULTW8umUfKQjdvcIV9BbIbkIVIkuq6MR2Xnvf7Fi2broV0T9qFkvHmrxGcqKFpRRK9ahcspxXS15J3MV2jXxIHMz_E7IJlwghj9MUie5K2YlODq2OvVn9cuOD_0fAHUy5kP3Cq3qVs_FA.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
117419872eecc6c10e61135cdc19e40370d304045c84987a0f8bd5781c00bfe1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
bL4pn2M_4knN8iBk1WL0C2ORSYJNIBHn
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23902
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
232945
last-modified
Fri, 23 Feb 2024 17:33:39 GMT
server
AmazonS3
etag
"cd612fbc1dae1ba0dc4ee980181a0a67"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
HsvbWjS6dBx4cax8VlQMBlQCeXActabGcdrQnpPTM82Lqno8-CD4nQ==
6ea8fffef519abf6a055dbcb4934989c.js
gist.github.com/Purp1eW0lf/
4 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/6ea8fffef519abf6a055dbcb4934989c.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
c49346b36c5eb5d1c1c872a70b18c488ad8b458d5cf29901101bb681d9a2b9ed
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1420
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D64E:21F3B54:65DBF393
etag
W/"c49346b36c5eb5d1c1c872a70b18c488"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
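The gist.github.com transaction above carries a full set of security headers (a `default-src 'none'` CSP, HSTS with preload, `nosniff`, `X-Frame-Options: deny` and a two-value `Referrer-Policy`), while the CloudFront/S3 image transactions on this page carry none of them. As an added example that is not part of the urlscan.io output and not code from GitHub or Huntress, the script below parses and audits header sets of exactly that shape, using the page's own recorded values as its sample input (the CSP is cut down to the directives the audit inspects). The finding texts, the one-year HSTS threshold and the list of "weak" referrer policies are this example's own choices.

```python
"""Audit the security headers recorded in the scan above.

Added example for this page, not urlscan.io output and not GitHub's or Huntress's code.
Sample headers are copied from the gist.github.com and assets-global.website-files.com
responses above (CSP cut down to the audited directives); finding texts are this example's.
"""
import re
from typing import Dict, List, Optional

# Fetch directives inherit default-src when absent; base-uri, form-action and
# frame-ancestors never fall back, so they are checked separately below.
FALLBACK_TO_DEFAULT = {"script-src", "style-src", "img-src", "connect-src", "font-src",
                       "media-src", "object-src", "frame-src", "worker-src", "child-src", "manifest-src"}
REFERRER_POLICIES = {"no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin",
                     "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"}

# Copied from the gist.github.com/Purp1eW0lf/*.js response above (CSP shortened).
GIST_HEADERS = {
    "content-security-policy": (
        "default-src 'none'; base-uri 'self'; script-src github.githubassets.com; "
        "style-src 'unsafe-inline' github.githubassets.com; frame-ancestors 'none'"
    ),
    "strict-transport-security": "max-age=31536000; includeSubdomains; preload",
    "x-content-type-options": "nosniff",
    "x-frame-options": "deny",
    "referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
}
# Copied from the assets-global.website-files.com PNG response above.
S3_IMAGE_HEADERS = {
    "access-control-allow-origin": "*",
    "cache-control": "max-age=84600, must-revalidate",
}

def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP value into {directive: [sources]}. Names are case-insensitive and a
    repeated directive is ignored (browsers keep the first), which setdefault() mirrors."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Resolve a directive through the default-src fallback; None means unrestricted."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src") if directive in FALLBACK_TO_DEFAULT else None

def audit_csp(value: str) -> List[str]:
    """Return the weaknesses a reviewer would flag in a CSP value."""
    policy = parse_csp(value)
    findings: List[str] = []
    for directive in ("script-src", "style-src", "object-src"):
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append(f"{directive} is unrestricted (no directive and no default-src)")
            continue
        # Browsers ignore 'unsafe-inline' once a nonce or hash is listed: report it only when in force.
        nonce_or_hash = any(re.match(r"'(nonce-|sha(256|384|512)-)", s) for s in sources)
        if "'unsafe-inline'" in sources and not nonce_or_hash:
            findings.append(f"{directive} allows 'unsafe-inline' with no nonce or hash")
        if "'unsafe-eval'" in sources:
            findings.append(f"{directive} allows 'unsafe-eval'")
        if any(s in ("*", "https:", "http:", "data:") for s in sources):
            findings.append(f"{directive} allows a wildcard or scheme-only source")
    for directive in ("base-uri", "frame-ancestors"):
        if directive not in policy:
            findings.append(f"{directive} missing (it does not fall back to default-src)")
    return findings

def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Audit a response header set; header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    hsts = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not hsts or int(hsts.group(1)) < 31536000:
        findings.append("HSTS missing or max-age below one year")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options nosniff missing")
    # A comma-separated Referrer-Policy is a fallback list: the browser applies the LAST
    # token it recognises, so the gist response resolves to strict-origin-when-cross-origin.
    effective = None
    for token in h.get("referrer-policy", "").split(","):
        if token.strip().lower() in REFERRER_POLICIES:
            effective = token.strip().lower()
    if effective in (None, "unsafe-url", "no-referrer-when-downgrade"):
        findings.append(f"Referrer-Policy weak or missing (effective: {effective})")
    csp_value = h.get("content-security-policy", "")
    xfo = h.get("x-frame-options", "").lower()
    if "frame-ancestors" not in parse_csp(csp_value) and xfo not in ("deny", "sameorigin"):
        findings.append("no framing protection (neither frame-ancestors nor X-Frame-Options)")
    findings.extend(audit_csp(csp_value))
    return findings

if __name__ == "__main__":
    for label, hdrs in (("gist.github.com", GIST_HEADERS), ("S3 image", S3_IMAGE_HEADERS)):
        print(label, audit_headers(hdrs))
```

Two details the scan data makes visible: the two-value `Referrer-Policy` resolves to the last recognised token, so the effective policy for the gist script is `strict-origin-when-cross-origin`; and the only CSP finding on the gist response is `style-src 'unsafe-inline'`, which GitHub offsets with `default-src 'none'` and a host-restricted `script-src`. The image responses produce nine findings, most of which are moot for a PNG served from a CDN (CSP and framing govern documents, not images); the ones worth reading are the absent HSTS and `nosniff`, since the same origin headers apply to whatever else that bucket serves.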
65d8d767db34d940b1a707ef_5DlhgtHehTXDQ2r-rR6NvDKwh3egkxStWs3q72XaEb7y4JAS0wky10I7A3C-7ppL1FMErffjWvNLUt5XtJArBsTtnUFPh4OKJx1FVpYJLSIfk2lfQQ8K0amv4MqOgYB_4S-9Tg3L8CBPfcNmbJebiwM.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
236 KB
237 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d767db34d940b1a707ef_5DlhgtHehTXDQ2r-rR6NvDKwh3egkxStWs3q72XaEb7y4JAS0wky10I7A3C-7ppL1FMErffjWvNLUt5XtJArBsTtnUFPh4OKJx1FVpYJLSIfk2lfQQ8K0amv4MqOgYB_4S-9Tg3L8CBPfcNmbJebiwM.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c1ea5b0d58d957f13eb2440e23706b1e7548fa8060cb04a450b07920a1658188

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
U47VZW9Qw1tAQ6SxLdbVMXhMvS1NMNfs
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23902
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
241776
last-modified
Fri, 23 Feb 2024 17:35:36 GMT
server
AmazonS3
etag
"1f5017b269c7fb15ebddb2f9ac529ba1"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
GKpmDDISEvCH1Fnfwn915PS_jqMStRyB-qkx49AAc2x_g0NBywkCQQ==
a2793787a086e57ec00bacc16fada12d.js
gist.github.com/Purp1eW0lf/
4 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/a2793787a086e57ec00bacc16fada12d.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
cd61b2d42e0498a5035a505b9e49c84f948aeb407a3a7571bb963b144611b873
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1402
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D651:21F3B56:65DBF393
etag
W/"cd61b2d42e0498a5035a505b9e49c84f"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8d7a33ca740aacc9377c4_N7xNVIJI2LSNGIG295Mfs8IWzCy1TKSMJnL-qDJftOqmiYAKFO3QrABkFgokDD83xXcAJtDLXDJW983nbFgYFzR85h6HCno7qBW2Iv6fhmDXgnvelc3F-MWVlJd4a7uQYmFDBKUenDZBqa4Xtfp_eS8.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
222 KB
222 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8d7a33ca740aacc9377c4_N7xNVIJI2LSNGIG295Mfs8IWzCy1TKSMJnL-qDJftOqmiYAKFO3QrABkFgokDD83xXcAJtDLXDJW983nbFgYFzR85h6HCno7qBW2Iv6fhmDXgnvelc3F-MWVlJd4a7uQYmFDBKUenDZBqa4Xtfp_eS8.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e0caf8d896cdcfb0ec0b4def2321743c3dc8fee6a5487e3b9197625c2fcc7e90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
sy.IHvkQosNVJ9NAOLGDBNVFdrYk5HVT
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23902
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
226899
last-modified
Fri, 23 Feb 2024 17:36:36 GMT
server
AmazonS3
etag
"38f2c58f1d1b3b9142db6f4e1bcca8e8"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
dJ9ZqUif1naIE0fsuXEousdYHGYGPWZciG3MQntM586m7q8Z1eKQ_A==
f268c19582f5af22fa06140076b8d9d9.js
gist.github.com/Purp1eW0lf/
4 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/f268c19582f5af22fa06140076b8d9d9.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
ccc795c7f4c91389b99a9ac1dd7a16b8a536fd400725d6eed2f21e1f29324637
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1463
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D686:21F3B83:65DBF393
etag
W/"ccc795c7f4c91389b99a9ac1dd7a16b8"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
f46e9c45eda038b684c1db2f3122214f.js
gist.github.com/Purp1eW0lf/
7 KB
6 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/f46e9c45eda038b684c1db2f3122214f.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
28da9a4a0a78cd8d9db54358469ed8aba5f277ce6ece74e68a2cb6560691fc03
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-encoding
gzip
content-length
1681
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D686:21F3B84:65DBF394
etag
W/"28da9a4a0a78cd8d9db54358469ed8ab"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8da02be1d4192e0295f85_AjU9nl1cs_5rbT5Nc4tLzULGe79Yz6fyZc0vmyuS-7-4Yie07cA2NOXnK9VmWNsF1DKAe-46olo4cwWq7qUCcO5DpoowDzq8_PWYYHfMEkHCwCgXCs31_1rLZ9b3qiHCOiTmPdcrrX0dO7LR7JA2gtw.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
289 KB
290 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8da02be1d4192e0295f85_AjU9nl1cs_5rbT5Nc4tLzULGe79Yz6fyZc0vmyuS-7-4Yie07cA2NOXnK9VmWNsF1DKAe-46olo4cwWq7qUCcO5DpoowDzq8_PWYYHfMEkHCwCgXCs31_1rLZ9b3qiHCOiTmPdcrrX0dO7LR7JA2gtw.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3421c6b2aa7dc634662198263dcf85ee70e9bc27299b3086bcc6b7da39d3588d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
WqBZwkvO.Aei.GOQ3Oq_rUaTIihSypFY
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
295962
last-modified
Fri, 23 Feb 2024 17:46:43 GMT
server
AmazonS3
etag
"5f371fe37bf95f3c78773129f2cfdbb8"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
rpyHoJnijR43R2mYpHMuMXZshvz44cOUHG6IhjmbINMu_V2qV2Aveg==
1f3bdd2c599ad7cb586bb46e9295529f.js
gist.github.com/Purp1eW0lf/
4 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/1f3bdd2c599ad7cb586bb46e9295529f.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
3741d9357b176ea30b82ecd88b37af56d9a867020da6ae6a48aadac7c5b28713
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-encoding
gzip
content-length
1383
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D687:21F3B85:65DBF394
etag
W/"3741d9357b176ea30b82ecd88b37af56"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8da50832f5ed26ca326ec_mx5FXUQxIojRRgELAR6SYQRGH-sQSr0eLNmS8VFCYc8EV36bM3sgr_-urMmTsycM7ZcJaRHZVVUtiwrG4_GWaIg-aPHTJQ3ZS8Z_mscou0UksGK7GXxhoaNDF-QYb3IF3Fsx7WTP2393BMz1_GHhzFc.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
220 KB
221 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8da50832f5ed26ca326ec_mx5FXUQxIojRRgELAR6SYQRGH-sQSr0eLNmS8VFCYc8EV36bM3sgr_-urMmTsycM7ZcJaRHZVVUtiwrG4_GWaIg-aPHTJQ3ZS8Z_mscou0UksGK7GXxhoaNDF-QYb3IF3Fsx7WTP2393BMz1_GHhzFc.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
de95c3ff5d31b425a4115ffa986e00ac61d6f4f283c5ed847348fdf571e9fd04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
HkWJggn.vBesFSxyrHNeXwhxZWdkYXHT
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
225750
last-modified
Fri, 23 Feb 2024 17:48:01 GMT
server
AmazonS3
etag
"836da689e55e0cb678f510048d8259b8"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
KDypEcke9mAgpLmRNKUYuJDrKEu14fmhvA7q2QOYgO239u-CbCkQbg==
d3e0d14c6b5b8c9dbdab08c97f3531c7.js
gist.github.com/Purp1eW0lf/
4 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/d3e0d14c6b5b8c9dbdab08c97f3531c7.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
88eacf01b8e62a5299871ad7668c11a23a6eb03fe8b25d94d9e50e7aafb029a6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-encoding
gzip
content-length
1446
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D68A:21F3B86:65DBF394
etag
W/"88eacf01b8e62a5299871ad7668c11a2"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
0b1c0f0e4654237bb45161a2173d7ef1.js
gist.github.com/Purp1eW0lf/
14 KB
6 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/0b1c0f0e4654237bb45161a2173d7ef1.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
e5054fd142ccbbbd76523e3dccd26073e9caba6b10faf1d7aca6c18d7d8d9d48
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com 
avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-encoding
gzip
content-length
2074
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D68A:21F3B87:65DBF394
etag
W/"e5054fd142ccbbbd76523e3dccd26073"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8dacb7a282dddc0eddd5d_EPdS3S-2bOCOA3iKzPCZmgTqXLAkd1Lc0t06NSz8Au0fB5TI7X7CtDmpNuprj_eRlQI9CU-GQo9qzCAvIaeQTLP26JhfBn0qxC9Uzjhm5GvY4dGvjJ3xzbQoSliKddIE6D0lt19QhnLPNGyUehXGS-0.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
258 KB
259 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8dacb7a282dddc0eddd5d_EPdS3S-2bOCOA3iKzPCZmgTqXLAkd1Lc0t06NSz8Au0fB5TI7X7CtDmpNuprj_eRlQI9CU-GQo9qzCAvIaeQTLP26JhfBn0qxC9Uzjhm5GvY4dGvjJ3xzbQoSliKddIE6D0lt19QhnLPNGyUehXGS-0.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f803453dcc3f1bc2ad8bd3ffc3751d5222720c9bd0fe6a0dfd341f10e0876d89

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
oC3CZHKSBsTgkSgIKI0F9_YZfg._WfsS
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
264160
last-modified
Fri, 23 Feb 2024 17:50:04 GMT
server
AmazonS3
etag
"153b29641bca68be4d7ed8156a2a7ef1"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
2WX1X-ns88GUGhxgFJSq34c-Io-RNFhYyaj5LMrX3GE2MQM1JPkVeQ==
3a093a41d8ea32531e5b11006c54a70d.js
gist.github.com/Purp1eW0lf/
6 KB
5 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/3a093a41d8ea32531e5b11006c54a70d.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
3560bc852853f52913c4fe6ddf33d388dab659998dce73ee88003902433ba09e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0
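The Security Headers table above is what a reviewer reads by hand; the following is an added example (not part of the urlscan report and not GitHub's code) that parses a CSP the way a browser does (directives split on `;`, first occurrence of a directive wins, fetch directives fall back to `default-src`) and applies the checks a practitioner runs against such a table. The `SAMPLE_HEADERS` policy is an abbreviated copy of the one shown on this page (a few of its directives, not the full `connect-src` host list); `WEAK_HEADERS` is a constructed counter-example. Header names, thresholds and the finding strings are this example's own choices.

```python
"""Evaluate a captured set of HTTP security headers (added example)."""
import re
from typing import Dict, List, Optional

# Constructed from the Security Headers table on this page; the CSP is
# abbreviated to a handful of its directives.
SAMPLE_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'none'; base-uri 'self'; "
        "script-src github.githubassets.com; "
        "style-src 'unsafe-inline' github.githubassets.com; "
        "frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com; "
        "upgrade-insecure-requests"
    ),
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "deny",
    "X-Xss-Protection": "0",   # 0 is the recommended value; the filter is retired
}

# Constructed weak policy for contrast (hypothetical, not from the page).
WEAK_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:",
    "X-Frame-Options": "ALLOWALL",
}

# Source expressions that make script-src / object-src effectively open.
RISKY_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
ONE_YEAR = 31536000


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}.

    Directives are separated by ';' and tokens by whitespace. Directive names
    are case-insensitive and, per the CSP spec, a repeated directive is ignored,
    so the first occurrence wins.
    """
    policy: Dict[str, List[str]] = {}
    for chunk in value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> List[str]:
    """Fetch directives inherit default-src when absent; with neither present
    the browser allows any source, modelled here as ['*']."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src", ["*"])


def hsts_max_age(value: str) -> Optional[int]:
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def review_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means nothing to flag."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    findings: List[str] = []
    csp_value = h.get("content-security-policy")
    if csp_value is None:
        findings.append("no Content-Security-Policy")
    else:
        policy = parse_csp(csp_value)
        for directive in ("script-src", "object-src"):
            bad = RISKY_SCRIPT_SOURCES & set(effective_sources(policy, directive))
            if bad:
                findings.append(f"{directive} allows {' '.join(sorted(bad))}")
        if "'unsafe-inline'" in effective_sources(policy, "style-src"):
            findings.append("style-src allows 'unsafe-inline'")
        if "base-uri" not in policy:
            findings.append("base-uri missing (relative script URLs can be rebased)")
        xfo = h.get("x-frame-options", "").lower()
        if "frame-ancestors" not in policy and xfo not in ("deny", "sameorigin"):
            findings.append("no framing protection (clickjacking)")
    age = hsts_max_age(h.get("strict-transport-security", ""))
    if age is None:
        findings.append("no Strict-Transport-Security")
    elif age < ONE_YEAR:
        findings.append(f"HSTS max-age {age} is below one year")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("gist.github.com", SAMPLE_HEADERS), ("weak", WEAK_HEADERS)):
        print(label, review_headers(hdrs) or ["ok"])
```

Against the policy shown on this page the only finding is `style-src 'unsafe-inline'`, which is the usual trade-off for a page that styles itself inline; `script-src` is pinned to a single host, `frame-ancestors 'none'` and `X-Frame-Options: deny` agree with each other, and HSTS is at one year with `preload`. The constructed weak policy shows the other side: an open `script-src`, no `base-uri`, no framing control, no HSTS.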

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1587
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D68B:21F3B88:65DBF394
etag
W/"3560bc852853f52913c4fe6ddf33d388"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
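Two integrity fields appear in each transaction above: urlscan's Resource Hash (a SHA-256 of the decoded body) and the server's ETag. The S3-served images carry a strong 32-hex ETag, which for a single-part upload without KMS encryption is the MD5 of the object; the gist scripts carry a weak ETag which, for every gist on this page, equals the first 32 hex characters of its Resource Hash. The added example below (not part of the urlscan report or of any project's code) cross-checks a downloaded body against those fields and derives the Subresource Integrity value for it. The body bytes it feeds in are constructed, not the real objects; the two ETag conventions it knows are exactly the two seen on this page.

```python
"""Cross-check a fetched body against urlscan's Resource Hash and the server
ETag, and derive an SRI integrity value (added example)."""
import base64
import hashlib


def resource_hash(body: bytes) -> str:
    """SHA-256 hex of the decoded body, the form urlscan shows as Resource Hash."""
    return hashlib.sha256(body).hexdigest()


def matches_recorded(body: bytes, recorded_hex: str) -> bool:
    """True if a local copy hashes to the Resource Hash recorded in a scan."""
    return resource_hash(body) == recorded_hex.strip().lower()


def sri_integrity(body: bytes) -> str:
    """Value for <script integrity="..."> (sha256-<base64 digest>)."""
    return "sha256-" + base64.b64encode(hashlib.sha256(body).digest()).decode()


def etag_consistent(body: bytes, etag: str) -> bool:
    """True if the ETag is explainable from the body under one of the two
    conventions on this page:
      * strong 32-hex ETag  -> MD5 of the object (S3 single-part, non-KMS)
      * weak W/"..." ETag   -> first 32 hex chars of SHA-256 (gist.github.com)
    Multipart S3 uploads and KMS-encrypted objects use other ETag forms and
    return False here; that is a cue to fall back on the Resource Hash, not a
    sign of tampering.
    """
    etag = etag.strip()
    weak = etag.startswith("W/")
    value = (etag[2:] if weak else etag).strip('"').lower()
    if len(value) != 32:
        return False
    if weak:
        return hashlib.sha256(body).hexdigest().startswith(value)
    return value == hashlib.md5(body).hexdigest()


def script_tag(src: str, body: bytes) -> str:
    """An SRI-pinned cross-origin script tag for the given body."""
    return f'<script src="{src}" integrity="{sri_integrity(body)}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    # Constructed stand-in for a fetched gist embed; not the real script.
    body = b"document.write('<div class=\"gist\">example</div>');\n"
    print("resource hash:", resource_hash(body))
    print("weak etag ok :", etag_consistent(body, 'W/"' + resource_hash(body)[:32] + '"'))
    print(script_tag("https://gist.github.com/Purp1eW0lf/3a093a41d8ea32531e5b11006c54a70d.js", body))
```

The practical caveat for the gist embeds specifically: the `.js` served by gist.github.com is generated from the gist's current content, so an SRI pin computed today stops the script loading as soon as the gist is edited. Pinning is the right tool for versioned, immutable assets; for a live embed the check to keep is comparing the Resource Hash across scans and noticing when it changes.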
65d8daf24e74547e89b0480e_8u5G868QXtyt6vRFptmNed_A8ClOPPbBUH0mhPstVPl2As5qUdCOI5cwgzKokRH76aN5m0cTnIXYobXx9dfepECWFZvMn9bL8Ropi_zvDR3uUqvjYK-anaeHe_DEnTDW6Zx7fETVPOmLXiTyIGzax78.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
246 KB
247 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8daf24e74547e89b0480e_8u5G868QXtyt6vRFptmNed_A8ClOPPbBUH0mhPstVPl2As5qUdCOI5cwgzKokRH76aN5m0cTnIXYobXx9dfepECWFZvMn9bL8Ropi_zvDR3uUqvjYK-anaeHe_DEnTDW6Zx7fETVPOmLXiTyIGzax78.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5cabc318f9386753f5e6ba8b1df3af233bfd4813e8ba4ccbf80336ab2da97684

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
R2Q941RPxnh0fB5snsAFqlBJOyNfsWr6
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
251985
last-modified
Fri, 23 Feb 2024 17:50:44 GMT
server
AmazonS3
etag
"8203e1c9cafa40ee43cf2186d47776c6"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
ft6TcHICHhIdCNYONJG-UMQJaUasyTyN0P18c8nCKx66Fmz7NxR-8Q==
65d8db0cbff3fffe2effbb44_9Hd3hkujCr31JvE5iMNP8yutqUvo6r14LnT69J6jzWoGG3bZJz8Z6mbIuRjIgfdzFFf9utjS_Pyc6j9LsdnFUuTkfzDvCzb5dMpcU10l4e5XwAl88OWr6fLqgee8wiwk5sF6YzVLyxvm7Ci54EfkC1U.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
99 KB
99 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8db0cbff3fffe2effbb44_9Hd3hkujCr31JvE5iMNP8yutqUvo6r14LnT69J6jzWoGG3bZJz8Z6mbIuRjIgfdzFFf9utjS_Pyc6j9LsdnFUuTkfzDvCzb5dMpcU10l4e5XwAl88OWr6fLqgee8wiwk5sF6YzVLyxvm7Ci54EfkC1U.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
648b84ea82b1c9e25ca3b9feecc4a6e032d045ecfaae9e6f4ce584c45ba249ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
3XcfigjBP2URpIbD8uoK1uLlDGVMOXdN
date
Mon, 26 Feb 2024 02:12:37 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
content-length
101294
last-modified
Fri, 23 Feb 2024 17:51:09 GMT
server
AmazonS3
etag
"66687f944157a655d120cf4754307b1c"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
HjgkZmAqa2NPS21L41iqTMTzBce97jtwFKGyDZb0JzgoW7YDDSkqOA==
65d8db2e146cb796d76202b3_rYe24QCnWmkgKiJDmfhdWrY23piJ1Q0pGYhX8oFWy0DlT4qs2f4gbIhLm2FoTFl-1Lz3GaCfs2e6JpspkM6-hWF1sVks43MGMxQHzP5YqAo72W1UXKPpHsMfy5EK59x2non2kOvnlohjCUhSvmNXlT0.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
155 KB
155 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8db2e146cb796d76202b3_rYe24QCnWmkgKiJDmfhdWrY23piJ1Q0pGYhX8oFWy0DlT4qs2f4gbIhLm2FoTFl-1Lz3GaCfs2e6JpspkM6-hWF1sVks43MGMxQHzP5YqAo72W1UXKPpHsMfy5EK59x2non2kOvnlohjCUhSvmNXlT0.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7d3666f7e3cd5da46dd92f578d530787a6a9fadf7a6ab02e73dc2f620c93642

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
7.TpdRZJ1_QbchXnxOgZfF6TSLOCkPq4
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
158392
last-modified
Fri, 23 Feb 2024 17:51:43 GMT
server
AmazonS3
etag
"c9204a202bde6059928938608271f9b2"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
TasvE8Nhf_4xBdC8Ypfx0P_1Cmf4wGhHMMEcvFkuueO2IikooLMQDQ==
65d8db4e71af36da2eba87f0_OdSn8_9FINnVlwz4jxHrARNVYE_QHxvMMHdBrvDBhRTTTI0nyxuz4bwwtxjV_YrdLgy3-ll3JFTMidDqfqUjg5wBZ4BvWq-ornRwqFpcuF3DOZjOwjP1DsEKID7GvYfXfEMy8-O1L3wd_SfYXHp7Wws.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
301 KB
302 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8db4e71af36da2eba87f0_OdSn8_9FINnVlwz4jxHrARNVYE_QHxvMMHdBrvDBhRTTTI0nyxuz4bwwtxjV_YrdLgy3-ll3JFTMidDqfqUjg5wBZ4BvWq-ornRwqFpcuF3DOZjOwjP1DsEKID7GvYfXfEMy8-O1L3wd_SfYXHp7Wws.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2142e9de33cf1abb76356fb85a336bb615268fca582f9b0d9920ed8a7c8f8ad6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
f5nexvjmfk..DfwdtQC7NM4vBwIXtmT8
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
308706
last-modified
Fri, 23 Feb 2024 17:52:15 GMT
server
AmazonS3
etag
"e79b00d060cf4b03a2bf474c135e8a59"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
jrUyDZNaxX37USBGGcvrmG3OWBI71hXLO4PqABhuO_dixg3hwCqhlg==
a806e42ceb9de60ab840ea51e5a47ac6.js
gist.github.com/Purp1eW0lf/
11 KB
6 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/a806e42ceb9de60ab840ea51e5a47ac6.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
9c6517cd99fcb0145a0cc619e7b938621dba7c96b4ab0fa6589f201203296ed7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1794
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D68B:21F3B89:65DBF394
etag
W/"9c6517cd99fcb0145a0cc619e7b93862"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8db756d17a94db436ff06_uvNC6fRvFt9EHSPif8yw-LjQGpAakhbI0lzCKFmhAa2QVfK4WvoVzSYGKCsk8uTvEvxhkmwTG1Mt0tMFLcarMkxDxY0HmnOyLGqj2rsGE0NyQjBzoAymDRs_ZExzXn6y4RH12xR6OK9VzGeXxhJoe0Q.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
216 KB
217 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8db756d17a94db436ff06_uvNC6fRvFt9EHSPif8yw-LjQGpAakhbI0lzCKFmhAa2QVfK4WvoVzSYGKCsk8uTvEvxhkmwTG1Mt0tMFLcarMkxDxY0HmnOyLGqj2rsGE0NyQjBzoAymDRs_ZExzXn6y4RH12xR6OK9VzGeXxhJoe0Q.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ae6d5e757d837bc50bc654678bdbb4a2b49d5c53776f44a794b05ea94f7a77dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
NltJLvE5oqHbuLqC0W4HZ6ly8Vh.IDrb
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
221689
last-modified
Fri, 23 Feb 2024 17:52:54 GMT
server
AmazonS3
etag
"63320634941832776db2f7bbd1ffe048"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
-5AfeutPoKvzd-AuoPDNT8fiDEtxkvu62cvmzqxQOMOoPO1zxjw9kw==
ba9752d03e28bbcc8cb3c154b9dc8f94.js
gist.github.com/Purp1eW0lf/
6 KB
6 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/ba9752d03e28bbcc8cb3c154b9dc8f94.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
e9377f7f6a40cf708c4606505e234a741ea7ed8653cd5b68690fa820a8d89970
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
1666
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D68C:21F3B8A:65DBF394
etag
W/"e9377f7f6a40cf708c4606505e234a74"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
65d8dbe69dab77b8640d438c_FGrqdpZUmIi9_R8gdfVgTJ8BLBurCMKvplGfsSIgiY7wzgOXz4j6AxeCFY7AYV21_aruNDKZ-mJy_hhfS_hfadrN0-IUc6n5qPVED2mPQm0hOmZ2jxHpi6sQAhNDEgS9UbIsN5yenTTnkLkQD45hiHI.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
117 KB
117 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8dbe69dab77b8640d438c_FGrqdpZUmIi9_R8gdfVgTJ8BLBurCMKvplGfsSIgiY7wzgOXz4j6AxeCFY7AYV21_aruNDKZ-mJy_hhfS_hfadrN0-IUc6n5qPVED2mPQm0hOmZ2jxHpi6sQAhNDEgS9UbIsN5yenTTnkLkQD45hiHI.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0de061a7ed39b9628479a87b1d64168c8166147a8272404cbda89c16b4fec12a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
CufUwTBSGg2DxO2eyi2l4rmi_xNPhv2w
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
119561
last-modified
Fri, 23 Feb 2024 17:54:47 GMT
server
AmazonS3
etag
"11bf59b97ba729b82d7ca87f60de5dee"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
hFXMfFefDw9GT1aRbByhWwz9zntZug0-G8rYOIff7dipCRdhs0mNPA==
65d8dc2283ced0c0f2f7407c_3HPJGm39PHTL3QHL4ezuRIOsQaDqAfEbI6gnNMP0bWqjw3ijSNoLXU4mPAj1ipyQOmP_pjWIZvflBmbSkIH5-JDC-mibkCwwwQ3ngNPrFNCrrUqVeONMZxXVEY8LdRdol05FWcBRFnFjCKpJu3mZTIk.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
523 KB
524 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8dc2283ced0c0f2f7407c_3HPJGm39PHTL3QHL4ezuRIOsQaDqAfEbI6gnNMP0bWqjw3ijSNoLXU4mPAj1ipyQOmP_pjWIZvflBmbSkIH5-JDC-mibkCwwwQ3ngNPrFNCrrUqVeONMZxXVEY8LdRdol05FWcBRFnFjCKpJu3mZTIk.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d80721a4ce2c8b2607fede0868627692cc9f725cbc0cf098eea66590f68a9609

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
_O2pJsE1qiUT2Wvx3769utHfpvXTi3zX
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
535935
last-modified
Fri, 23 Feb 2024 17:55:47 GMT
server
AmazonS3
etag
"9738f9e05b502dd25d979f91e8d126be"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
sWKkdGOixXruLht498CkEs3NB2y3d7fRwijLR4RaaW2EDr6KEuwgtw==
65d8dc39d7d348500d6faa73_8Dh4Z-F8Uij7EP4sr37KvziORIDMA9n-iF5Rme9ETy5JMmbunMLYibRJGi8VyYOGO2ffTsQM6-IXPs7SG6sl9YSWBMal2lPZ4dOpS6RW6-Hvi-QCtItSVoQ8-CVvczwlgBfbOZc5Q2k2EBZPwz4qYz0.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
360 KB
361 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8dc39d7d348500d6faa73_8Dh4Z-F8Uij7EP4sr37KvziORIDMA9n-iF5Rme9ETy5JMmbunMLYibRJGi8VyYOGO2ffTsQM6-IXPs7SG6sl9YSWBMal2lPZ4dOpS6RW6-Hvi-QCtItSVoQ8-CVvczwlgBfbOZc5Q2k2EBZPwz4qYz0.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
531c136e45e2b18ebeedd6c50b5854c1a7483cf459ce77ac93552184c52975c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
h08dbfAh27_OAwnS.LTpGmZ9WvTSGiLx
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
369078
last-modified
Fri, 23 Feb 2024 17:56:10 GMT
server
AmazonS3
etag
"c98eac6be93f2954833cde5580721558"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
x2cmZR2tTA6w6m8qTRljLbph4KzxgH7l686QGpMMm1fHHA9tW7Ov_w==
65d8dc43deef9af733290b34__lhyFhMhUOes-35EDWiITs18FsKSqduTqyv5rVhD4_7YpJNdMWmvGMQ7vwovx1D9k2emwgAyY_mXJE_T_yS2QagkqwhEw4Lh3ZsvxGKgrKldEMCHtZtYrBaIyZkoY8IaDMFWLfJF8ciSXjaJP1VUCr8.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
197 KB
198 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8dc43deef9af733290b34__lhyFhMhUOes-35EDWiITs18FsKSqduTqyv5rVhD4_7YpJNdMWmvGMQ7vwovx1D9k2emwgAyY_mXJE_T_yS2QagkqwhEw4Lh3ZsvxGKgrKldEMCHtZtYrBaIyZkoY8IaDMFWLfJF8ciSXjaJP1VUCr8.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
153fb3e06ae4cfc3f23663abe1b1295739e60bdf1b6095aba61911cb1887f62f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
VAbE0D4qX0j7LBgN1s1aaRIucHXZTYxk
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
23901
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
201711
last-modified
Fri, 23 Feb 2024 17:56:20 GMT
server
AmazonS3
etag
"4f25f3a4e08c3f55ee7610488f30ee0e"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
UnUEL0AOoPEaurEd52CjFrajAKeAMfA6noXmwnTMYiAWYfOim5wkzQ==
65d8dc7de0dcfe99ffccc017_fuQYbwMC4cOTs9dEkddAD5jg1_K1WB-lbSS9NKgKB4gnl4fxbuX7BRYxgJ15v5K4vC9sFRroJFfEIPdVhO120w7Yho-is6MicU6wqhxgTCfYLjL9qhY4eZEPvdfKXskQi9Wv2XHG-WehjYv_Na6R7-Q.png
assets-global.website-files.com/6579dd0b5f9a54376d296939/
224 KB
225 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296939/65d8dc7de0dcfe99ffccc017_fuQYbwMC4cOTs9dEkddAD5jg1_K1WB-lbSS9NKgKB4gnl4fxbuX7BRYxgJ15v5K4vC9sFRroJFfEIPdVhO120w7Yho-is6MicU6wqhxgTCfYLjL9qhY4eZEPvdfKXskQi9Wv2XHG-WehjYv_Na6R7-Q.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d5231b8cf22732cbf3d007b56763c371e2bcb329b2725037593e589d7eda94d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
x7WQ6n8y7ExkuttiBs4SQIW3Ch43mhyr
date
Sun, 25 Feb 2024 03:17:02 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
82535
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
229246
last-modified
Fri, 23 Feb 2024 17:57:18 GMT
server
AmazonS3
etag
"26469feb0383c0ebf1d5f7052ad587e6"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
UJw40zrX2RGw2l2w1QJ-mxxwxYjf6ZUqlTLsD4bWfLZ80lSWmDnFsw==
2346dd2b012a525e5bb0ed62b7eccef7.js
gist.github.com/Purp1eW0lf/
35 KB
8 KB
Script
General
Full URL
https://gist.github.com/Purp1eW0lf/2346dd2b012a525e5bb0ed62b7eccef7.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
140.82.121.3 Frankfurt am Main, Germany, ASN36459 (GITHUB, US),
Reverse DNS
lb-140-82-121-3-fra.github.com
Software
GitHub.com /
Resource Hash
fa67414714720acf694287a69cb255d442d207b5e1a1e825d0a62dfbab8c1ba4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding
gzip
content-length
4048
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
B9C0:60C44:215D68D:21F3B8B:65DBF394
etag
W/"fa67414714720acf694287a69cb255d4"
vary
X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options
deny
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, private, must-revalidate
accept-ranges
bytes
jquery-3.5.1.min.dc5e7f18c8.js
d3e54v103j8qbb.cloudfront.net/js/
87 KB
31 KB
Script
General
Full URL
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6579dd0b5f9a54376d296915
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-90-44.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer
https://www.huntress.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 06:57:06 GMT
content-encoding
gzip
via
1.1 47b2ce4c0cbd550c326fba9b552b2176.cloudfront.net (CloudFront)
age
69331
x-amz-cf-pop
MUC50-C1
x-cache
Hit from cloudfront
last-modified
Mon, 20 Jul 2020 17:53:02 GMT
server
AmazonS3
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
vary
Accept-Encoding
x-amz-cf-id
0Llt2X7MOtwz3mO3BLT-9tvXr-Fa6I4_et2s1YK39p-suxPSwptPJw==
huntress-new.ddd87a2b9.js
assets-global.website-files.com/6579dd0b5f9a54376d296915/js/
1 MB
204 KB
Script
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/js/huntress-new.ddd87a2b9.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0f596cb38dc72ae999b1a7d5dcd3cb1b1b2c99dc27486943e52f08d32c8dfb18

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 04:52:00 GMT
content-encoding
gzip
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
x-amz-version-id
VquucxmSLTnKkRQIdRs5Zm0qBxCEqFqT
age
76837
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
208414
last-modified
Sat, 24 Feb 2024 21:27:58 GMT
server
AmazonS3
etag
"3b848ebb12ef682b9042de28c95a5a46"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
4QG-uaCyXOueiOzO4unSVKaIPjnElxGaJNqYxEF8_05rCJLx8yGbow==
3911692.js
js.hs-scripts.com/
3 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/3911692.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bf59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
007205ac272cd4fc89fd5dfa7b39040111422ed05dc773a195e406caae0a3e5a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a22ae1cc-3191-4663-a8fe-deb263e4dc63
x-envoy-upstream-service-time
5
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a22ae1cc-3191-4663-a8fe-deb263e4dc63
last-modified
Sun, 25 Feb 2024 23:53:17 GMT
server
cloudflare
x-trace
2B50CD1EF6DE59B1FC63A7F4EEB283838441E1072A000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.huntress.com
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-59d6fb747d-kc6c4
access-control-allow-credentials
true
cache-control
public, max-age=90
cf-ray
85b4a9fd4ecd266d-TXL
expires
Mon, 26 Feb 2024 02:14:06 GMT
swiper-bundle.min.js
cdn.jsdelivr.net/npm/swiper@11/
145 KB
42 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa8b379f14b0d120d8c9a72effcf7c718ba150d23e37420eaa441c628e42d1ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
8811
x-jsd-version
11.0.6
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220075-FRA, cache-lga21926-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"245c4-1IpMOwjrIUviy3373dAv2gdmak0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQMcMnbUHU8tyi1lJpcexcjqE3KtfHqDbAJ05iI%2Flml8F3k%2B%2Bsq24XiBijH1v1vsMYNYyxUOyoYF81fkfZcfj%2BBNM6SvY9f1nZ2LLBlKO2y%2Fs8NmxmGkVRiIsJj%2FZ6M7YwCiGk6AcarVCcPSygE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
85b4a9fcfd66451c-TXL
slick.min.js
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/
42 KB
11 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2029044
x-jsd-version
1.8.1
content-encoding
br
x-cache
MISS, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230096-FRA, cache-lga21934-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nF78ESFk5tBHPQbRloWVDodXtks5b3fVBvGq%2Bd256vu5pJuyjfrgQDJn0Rg8LzyLke%2FSDnhWS0Zqf95P8WVMHOHLGlq20dit%2Flt5%2BPC4jOArad1q3LUz%2BTIe8B4yfGIJLoNp6QIXam1LHcaK7%2FE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
85b4a9fcfd68451c-TXL
bundle.v1.0.0.js
tools.refokus.com/rich-text-enhancer/
2 KB
1 KB
Script
General
Full URL
https://tools.refokus.com/rich-text-enhancer/bundle.v1.0.0.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
a577cc713533d7a1edbc5186c3f7b8788bbf317a857111150778d6a617220cec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::vwg7n-1708913556075-7e4825badb98
age
2714752
etag
W/"bfd9ff53d0c1baa43dbb0f44751f23e9"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="bundle.v1.0.0.js"
medium-zoom.min.js
cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/
9 KB
3 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/medium-zoom@1.0.3/dist/medium-zoom.min.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89aa43cb2db8717165e898b18806ad757585f8815f9f514bb0afbd3c390def95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4215339
x-jsd-version
1.0.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220020-FRA, cache-lga21964-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"2408-5ck9kUxd8AglB+1wj1aqAh/vLDs"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BuHlV6ghDl0ph0QD58xYEaISCO4E%2FT7SdSOHob7AmIXM5BjMYC24ZMORKmyh2VbWFz5GFuRr%2BVp324Xer8BDU%2FrtXlm2hnAl%2FgMk9wCwyqoOz5jSQQcw7mzn0Ky%2FzNcUMIXW408R7qQNGtsxooo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
85b4a9fcfd63451c-TXL
form-123.js
hubspotonwebflow.com/assets/js/
12 KB
2 KB
Script
General
Full URL
https://hubspotonwebflow.com/assets/js/form-123.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
8323a2d9c9e1f89ab87c4463fccb464202b4990a9a7b235f7e056b0689b135f7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://www.huntress.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::qrj9p-1708913556072-fdaff7284c84
age
173485
x-matched-path
/assets/js/form-123.js
etag
W/"45a5b8fce72454a16ad1f1ebaf6d1feb"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="form-123.js"
6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js
assets-global.website-files.com/
144 B
626 B
Script
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915%2F6470f5217e03b0faa8a404de%2F658a9a0642f212b4ef59b0b2%2Fhs_trackcode_3911692-1.0.6.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6ee38878cd3f57c918114ecd1a74bc75e5165f45fd1e9503056e8dc2e542288f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
fKVYVp7VLozdKwo7Gp68VwPn_1qCAcOV
content-encoding
gzip
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 02:12:36 GMT
age
5944
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
131
last-modified
Tue, 26 Dec 2023 09:16:55 GMT
server
AmazonS3
etag
"94d95acc94c6624c39cb9873e3da3787"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
kUwNGqQZViRu2uV2Hnul4_SZaxTut-clwX6qwPsaWukuAmZ-SERlzA==
recaptcha__de.js
www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/
494 KB
197 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d858a3e24fc094b6683f21b0c4c57db4d91a65618c8ebdf8054c7d6142b89bfd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.huntress.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 12:54:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47885
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
201516
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 05:01:55 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 24 Feb 2025 12:54:31 GMT
gtm.js
www.googletagmanager.com/
310 KB
99 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e30fe89d5e43e87e0d1e0bd0e71baf9f2cb7dc2b6c5a02c94e4e267463e5a41e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100711
x-xss-protection
0
last-modified
Mon, 26 Feb 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 26 Feb 2024 02:12:36 GMT
6si.min.js
j.6sc.co/
64 KB
17 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/8769192b-20ba-4df2-8d62-2740a805c3e8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
d3851af1bf48f6e0903b5d66e5d64141a559aa05a2da8c76b502dda2b6473933
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 20 Dec 2023 22:26:50 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"65836a2a-ff05"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
17577
expires
Mon, 26 Feb 2024 02:12:36 GMT
5d3cypit2iz8.js
js.driftt.com/include/1708913700000/
212 KB
60 KB
Script
General
Full URL
https://js.driftt.com/include/1708913700000/5d3cypit2iz8.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-9.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
93a2fd82dd3a13a9e9ce0583f3bde1b6e88da6ebce30fa8c87cee4d9d927e4d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
x-amz-version-id
fwT06mdOrTHjuLmyd8.idzR8VPd5.dxi
via
1.1 7304a96518f6c4657eabe5542a78c41a.cloudfront.net (CloudFront), 1.1 c3f546c2f6132a41e608317139aa8faa.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-encoding
gzip
x-amz-cf-pop
IAD66-C1, MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
57
last-modified
Mon, 21 Aug 2023 14:57:31 GMT
server
istio-envoy
etag
W/"576cdc1c0941a520c47b54aef3b463f7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10
access-control-allow-credentials
true,true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
zm4CWBeozwVnKaruTPvCgqAuPfWRP-wsdsmb85LJ_ZZZlzYPyuhtJg==
gist-embed-5bb00a1034b4.css
github.githubassets.com/assets/
51 KB
11 KB
Stylesheet
General
Full URL
https://github.githubassets.com/assets/gist-embed-5bb00a1034b4.css
Requested by
Host: gist.github.com
URL: https://gist.github.com/Purp1eW0lf/51bec3826690a61dbac53ab30f700a18.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
3a9886679dab1ea5d82978ea93e590cd27fb5902bb664d9c8f55ecf2256b6d5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-fastly-request-id
070127fb6cb1d672798834dbbeeb787db761588b
date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=31536000
age
445135
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
10558
x-served-by
cache-iad-kjyo7100030-IAD, cache-fra-eddf8230029-FRA
last-modified
Tue, 20 Feb 2024 19:01:11 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DC32464DB126E7
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
2, 2083
655efb41f4bb20e00c9cfe91_Group%2039892.svg
assets-global.website-files.com/655d92689c415e9fefcf2368/
673 B
1 KB
Image
General
Full URL
https://assets-global.website-files.com/655d92689c415e9fefcf2368/655efb41f4bb20e00c9cfe91_Group%2039892.svg
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fca96e23cbef68956d5776a0e13de71ab3e0d82c192d143bc93a063776ee81ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 09:25:47 GMT
x-amz-version-id
2SPzchtrPJOOCpA0jo4V.YS2Osqybov7
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
4553210
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
673
last-modified
Thu, 23 Nov 2023 07:12:03 GMT
server
AmazonS3
etag
"48aeeba05bcceb164d7432689b3bb357"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
3uH07hF5wm1uMgihTmLb_A_DPbfdJjdU6MMbOQHn9-z7IHHdn2xcHA==
6579dd0b5f9a54376d296969_visuelt-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/
20 KB
21 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296969_visuelt-regular-webfont.woff2
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
00d08ce080678db0c54af3944723e28b27e8bdc24146f813477b5b58fe65376c

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 12:03:52 GMT
x-amz-version-id
4frLyUq9eYNLo7inr9AWHf_d33ZSkDwJ
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
5062125
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
20916
last-modified
Wed, 13 Dec 2023 16:34:20 GMT
server
AmazonS3
etag
"833d58f5538bb02b9d3e362ca829ece7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
DPcVu0rRGGguUuMgyOcmg2qZJyjA0latASHZr_iSsvUm5fBvyF-4-Q==
6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/
17 KB
18 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296925_hknova-regular-webfont.woff2
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
71425f588c17edb9905c3ed73aee0404b58772b91c8154fe53d3157f58f0b2e2

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id
At.YFBHJO4EQclecPPM23aBnfk3j2h1H
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
5118568
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
17728
last-modified
Wed, 13 Dec 2023 16:34:20 GMT
server
AmazonS3
etag
"fd0185054945b2abe907dc7e524389c9"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
9VYE_sSaNRTbEHNLDfkzqPLLg-VYI4VErB32G70IkZGCIyL-C4OhGQ==
6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/
18 KB
18 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29691d_hknova-bold-webfont.woff2
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a4aba4543a40b2e2d78e4006eb941a3a18cf95dc81041ad362321a3995bcc898

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 20:23:17 GMT
x-amz-version-id
4JksoGDTlz479HpJYtobtrz0YXSwp3Rx
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
5118560
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18204
last-modified
Wed, 13 Dec 2023 16:34:20 GMT
server
AmazonS3
etag
"5aec097021a58170197314c745d296db"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
N_gt0PZQt5R7NVIL0lr38DBUbTWtgShL033KrCYVCl67C3K9SeFCVA==
6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/
21 KB
21 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296961_visuelt-bold-webfont.woff2
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
36b097a74149a547cc7fe1da7b5a9cacf6c36d2f91872f11874479e1d4fafee2

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id
6cft5KdwVHtlIu77Lo8AxPLF1V_1aCGv
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
5118568
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
21280
last-modified
Wed, 13 Dec 2023 16:34:20 GMT
server
AmazonS3
etag
"4be3159e8cb3fb66b8e847dd0bedb2ed"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
zfckL8pg6dopxADyFa-b8-4MR9BB1OHjyYH8rGbOapPchbSaz_ycWg==
6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/
18 KB
18 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296927_hknova-semibold-webfont.woff2
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ace449f8c185f9f62716fd9998c8f4d09f6849ead77ec8c3849aa69f4c8c1d36

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 10 Feb 2024 21:59:24 GMT
x-amz-version-id
SgNlIeK2CMt3IfgkJzcYPm6BQJFO8VdG
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
1311193
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
18124
last-modified
Wed, 13 Dec 2023 16:34:20 GMT
server
AmazonS3
etag
"b62b51b8a8a1c83c200a484a4149c151"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
gM2qA-FR4wUQdcEp3V7y_xbQepk_ToOH7Edc9t6G6eG2jSRmuZl5Ig==
6579dd0b5f9a54376d29696f_visuelt-thin-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/
20 KB
20 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29696f_visuelt-thin-webfont.woff2
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b7bd039fcf8ea3ece5223d270ecf6d66277f9cf7ddacb8fd3f20d1702432c3bb

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:22:36 GMT
x-amz-version-id
1AmjYc4ysufx24AJ6PfPPYoNyma6Viac
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
4963801
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
20300
last-modified
Wed, 13 Dec 2023 16:34:20 GMT
server
AmazonS3
etag
"07fd1c3f396e8b19e3076e1167800fb5"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
6bBEiM5rwiLSmV43srALKHKo_e7E4zwQdIBYWsJp7MWN1NivtzNJbw==
6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf
assets.website-files.com/6579dd0b5f9a54376d296915/
55 KB
29 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6e_DMSans_24pt-Bold.ttf
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0020be3f1555293342637940e02d32e0f0c3b1951f6a274c00a6e3afe91610d1

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 15:55:33 GMT
x-amz-version-id
quM.7z1k_e9xiPUszqLumStS9j4JLmMp
content-encoding
br
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
5134624
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 13 Dec 2023 16:34:21 GMT
server
AmazonS3
etag
W/"541d84af93ed55a92a75644198c26ca5"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/x-font-ttf
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
vary
Accept-Encoding
x-amz-cf-id
mlTMQCIc2TQamTBvc30XsepdEvO3KrZYzLsHhxFBdK9A3QbQcE2c0Q==
6579dd0b5f9a54376d296a33_banner-ellipse%20(1).webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/
29 KB
30 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a33_banner-ellipse%20(1).webp
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
84d9a8398452005a5d2abc445e3c54aabd86e648ed214d420d7fb323262719b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
Mj8wcNSFVBisltZstt5EJDzhk_eEJ4ri
date
Sun, 25 Feb 2024 03:33:05 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
81572
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
29868
last-modified
Thu, 21 Dec 2023 07:39:50 GMT
server
AmazonS3
etag
"239751e75040f8efec0043a5f4cf277a"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
BSi_WAIwYWngcGjB43xSX0nhsouWcO_SBD4CLaepVtElyAeXFGKBCA==
655ddcc107aef728354e9cbf_Huntress-logo.svg
assets-global.website-files.com/655ddcc107aef728354e9c2a/
16 KB
13 KB
Image
General
Full URL
https://assets-global.website-files.com/655ddcc107aef728354e9c2a/655ddcc107aef728354e9cbf_Huntress-logo.svg
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e74699ee2810c89e5df5bd0d0506256c46f1e73108f40dc993b49cc210203db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 15 Jan 2024 08:44:23 GMT
x-amz-version-id
ll9DT5jxvCo6dqqJTOhzWIKk94gBwQHc
content-encoding
br
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
3605294
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 22 Nov 2023 10:49:38 GMT
server
AmazonS3
etag
W/"1b58a7f9d25209475f7150623a7b9993"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
x-amz-cf-id
VyuD9mVt1TyqY4lGuu6uUjQKK0cGjLYQbhk4X9FqeNpgOIQfvJq9xg==
655d92689c415e9fefcf2400_Hero-grapic-right-02.png
assets-global.website-files.com/655d92689c415e9fefcf2368/
5 KB
5 KB
Image
General
Full URL
https://assets-global.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2400_Hero-grapic-right-02.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1e79865576e220b93dfe34d011286a8335ee8ac4eb6450300fb45a4f15a600e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 05:44:52 GMT
x-amz-version-id
ds4He9jpqLhVudpNkauPNw12aaYIjxRr
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
4998464
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
5002
last-modified
Wed, 22 Nov 2023 05:32:26 GMT
server
AmazonS3
etag
"d360d7cfb07b3fdc3fbc56204caa4c06"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
Bpwk5XIdTCDpvhmGu40R2IlDFnT6z5UAXaggxUiwr4vgXM1FFiesZQ==
656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg
assets-global.website-files.com/655d92689c415e9fefcf2368/
407 B
868 B
Image
General
Full URL
https://assets-global.website-files.com/655d92689c415e9fefcf2368/656079b2a6c055ce7d368e61_Secondary%20Text%20CTA%20Black%20(1).svg
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad1a0bf17b8433241806ec0b3cb9c17be616ea295df90068ab3e646de802e111

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 05 Jan 2024 14:43:06 GMT
x-amz-version-id
6MUyKzg7.UI2lqy3cc43_aNDTQO42ExF
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
4447770
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
407
last-modified
Fri, 24 Nov 2023 10:23:48 GMT
server
AmazonS3
etag
"7b97da408ecd186da2775e85d3b5fc35"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
7ggqyiKDeEFsyJklkKMFqEGtA67nJUcbjOS3HNJonjHVvOPOx_Pssw==
655d92689c415e9fefcf2401_Hero-grapic-right-01.png
assets-global.website-files.com/655d92689c415e9fefcf2368/
12 KB
12 KB
Image
General
Full URL
https://assets-global.website-files.com/655d92689c415e9fefcf2368/655d92689c415e9fefcf2401_Hero-grapic-right-01.png
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e25771659046bed206f576f67ef77c46c7c639fde3b416a20e279703ae25a669

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 05:44:53 GMT
x-amz-version-id
f7iETDkxzcVNvfCyBasX0c7eQWmHAaI6
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
4998464
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
12224
last-modified
Wed, 22 Nov 2023 05:32:26 GMT
server
AmazonS3
etag
"77f3a2017fcc90138a0d7de5e3a64595"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
SrC0fvk49NUZpoHqp1WvwZ6rhlBDyZ5-FQL0AhGIDOS3ScsTSI3Emg==
6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/
7 KB
7 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a87_Blog%20detail%20Banner%20Glitch%20Left%20Bottom.webp
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f3642cd8faa981a6b7f71cb0bd88a222ed7c92510100761c38f4bfd689853f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
.9LTfep43eO88TqIHc3WnYAIb3vaJe3A
date
Sun, 25 Feb 2024 06:23:30 GMT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
71347
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
6778
last-modified
Thu, 21 Dec 2023 07:39:51 GMT
server
AmazonS3
etag
"2deea30793899f56a236f1ba505155ab"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
IXGHsbh3K7weY-MpKixUYN5ZyJ7xyh2xACRcSdyUZNPQ3cKcwV0zAQ==
6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp
assets-global.website-files.com/6579dd0b5f9a54376d296915/
2 KB
3 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a89_Landing%20WWW%20Glitch%20Right.webp
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c99531b584c2990420c6cf8f267e27bca20375cf89d4afdcaa5b3afb7a9f35d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 06:32:05 GMT
x-amz-version-id
0.i3tZnqpf4mpcjZIZI6k.PdzUSOLecT
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
70832
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2196
last-modified
Thu, 21 Dec 2023 07:39:51 GMT
server
AmazonS3
etag
"3574559fb267295e5e44a4509e2e6e4f"
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=84600, must-revalidate
accept-ranges
bytes
x-amz-cf-id
S7MeW7VQwL_jhkNkx4utSWFlsK4AmU3ql3sZnAQ9UfpjmUVBeuViig==
6579dd0b5f9a54376d296a5b_facebook.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/
368 B
827 B
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5b_facebook.svg
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f2314da0b26cc727445f74c19d54f2f75944ea1a610497231ba6a5d9e541acf0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 18:39:42 GMT
x-amz-version-id
RZplueeOMT9I2ezQMMUJ8cw13HoQeV5p
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
5124775
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
368
last-modified
Wed, 13 Dec 2023 16:34:21 GMT
server
AmazonS3
etag
"b92a7c9703a268bda64464e9f8c245fd"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
-lhq2dHfGlyyj9B-1fkmFiYRIExaIEa0n_4GJhXRtuTuJQbVfyfbxw==
6579dd0b5f9a54376d296a6f_twitter.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/
351 B
810 B
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a6f_twitter.svg
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
553797b86e5516ebb3b4a6ffc794d7d9eca1fc1f3ca8ab0703e5eff9934e29c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 19:08:05 GMT
x-amz-version-id
qTS56BoR0gVqfX6mJuOtV4Wu10z6D4RY
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
5123072
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
351
last-modified
Wed, 13 Dec 2023 16:34:21 GMT
server
AmazonS3
etag
"e0a4b7f37d6875804665234ecff1cb23"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
eUIql7xX2eU3pVM54GcRqnlvHsHlLaSBBeofO9IWPX9FALJrj6fh2g==
6579dd0b5f9a54376d296a70_linkedin.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/
675 B
1 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a70_linkedin.svg
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f0f089b8d2746c56340171bba62f027d4d2dc0f520588d9480432693381e14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 14:16:16 GMT
x-amz-version-id
mMxIOUbXDP4hW6NdJCWI58VrmvAg.At1
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
4967781
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
675
last-modified
Wed, 13 Dec 2023 16:34:21 GMT
server
AmazonS3
etag
"67b0ebebe9b8817edbfa41bdfd2e8c6e"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
K7ZdCIzLP8WMCGDguiqpVRP95C1EO-zy_eoYEjCZnuoAOkNWhqus0Q==
6579dd0b5f9a54376d296a5a_download.svg
assets-global.website-files.com/6579dd0b5f9a54376d296915/
820 B
1 KB
Image
General
Full URL
https://assets-global.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d296a5a_download.svg
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:ec00:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
350cf9ff67297ce9f79b1a35fb7205326d21f149ab404f81ec875968f0b7d083

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 14:16:16 GMT
x-amz-version-id
5Ss_XSS0A3iWbPuuBVg7J8jICwbGfHO4
via
1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront)
age
4967781
x-amz-cf-pop
MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
820
last-modified
Wed, 13 Dec 2023 16:34:21 GMT
server
AmazonS3
etag
"8d8c0614e1e224001d7c6dec535490b1"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
uu59HzpeqoJnHgJJlGn10I2tQ7KNWEa8XYU_rApPw7W_cO3kYn5vzw==
js
www.googletagmanager.com/gtag/
306 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
739fc4cef053cd87d37dbf8d7302c74819a902029dd4e530d060b17de0cab1b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99382
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 26 Feb 2024 02:12:36 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
45 KB
16 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a3b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Feb 2024 09:12:49 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=53016
accept-ranges
bytes
content-length
16480
qevents.js
a.quora.com/
41 KB
14 KB
Script
General
Full URL
https://a.quora.com/qevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.153.247 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2a101f313f27c267a744088e44664a87d2ec7dc2a3464bf1319a95094dc76db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
x-amz-version-id
DENAuZi5jc6G3XAf0_byr8vJzUcVnf.F
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
5K57PBR2A0025GG8
age
8111178
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400
x-amz-id-2
rvPsThAgQkJShQQ2J7UMgDJ+mUUBMPz6v4o52Qjy3F2U8CcHm7z1WCN2wGkAgqOAkDHbpFzSZ2Y=
last-modified
Tue, 17 Oct 2023 18:57:21 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:5defc3f1c55a0cb9cbca8c06fbabaf65
etag
W/"5defc3f1c55a0cb9cbca8c06fbabaf65"
vary
Accept-Encoding
content-type
text/plain
cache-control
public, max-age=14400
cf-ray
85b4a9ff2f176a76-TXL
expires
Mon, 26 Feb 2024 06:12:36 GMT
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-etou8220106-FRA
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
45396b8359112c614d4aab3fcb716deaabc47e477078f675d7bf69f5791c8f53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 26 Feb 2024 02:12:35 GMT
last-modified
Thu, 22 Feb 2024 21:00:50 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 2B5E92EEB71744BB80B2FB52C539560F Ref B: CPH30EDGE0916 Ref C: 2024-02-26T02:12:36Z
etag
"0adee36d265da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13197
fbevents.js
connect.facebook.net/en_US/
214 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 26 Feb 2024 02:12:36 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57257
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
W5NzhtDmKXV0zLExAtmK4WfNW0CgHSJahsNYPCUZoy0YMWUEfAM1kvqy0cNrizrJvmQt/vPpHHF+NSLEu/uh1A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
1006267.js
tracking.g2crowd.com/attribution_tracking/conversions/
958 B
2 KB
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1006267.js?p=https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&e=
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c59924cdca7796d9578872e6933998297b41cb0a2951ccaf7de4bd7cf921ff
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
fa250ce8-34fd-490c-9ce5-2e191995fe62
x-runtime
0.003116
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"14c59924cdca7796d9578872e6933998"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
85b4a9ff2c2358f6-TXL
e666a54d-ff29-48f9-9baa-2be6ac05412e.js
j.6sc.co/j/
837 B
837 B
Script
General
Full URL
https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
82ba33778a6595a59baef6e6964c64d7c3e9888c2bbf74461f1948b295db28e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
iBgsOgE4Kr3Z0Ccj2rm1wK8VxmZ_A29h
content-encoding
gzip
date
Mon, 26 Feb 2024 02:12:36 GMT
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
x-amz-meta-content-type
application/json
content-length
438
pragma
no-cache
last-modified
Fri, 18 Aug 2023 17:22:32 GMT
server
AmazonS3
etag
"29df5bb770be8e518fe2206581f712a6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
x-amz-cf-id
M9neikm8wpQI2GEN0ap7oh7VROMRmrELsMtIhE3EjqWEL1A2PROwPA==
expires
Mon, 26 Feb 2024 02:12:36 GMT
events.js
tags.srv.stackadapt.com/
18 KB
7 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.63.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-63-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
7450e66aa3ed8c25745c8a243cd4fa929d971419d953e9edbd60128097483446

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 26 Feb 2024 02:12:36 GMT
cache-control
max-age=5
content-encoding
gzip
content-type
text/javascript
hotjar-2159185.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2159185.js?sv=6
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-32.muc50.r.cloudfront.net
Software
/
Resource Hash
d2dbc9d2a6b4979022d9cc07c4f9caf9911fbdd3d2988d00ee3f991884130b79
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 c414bd1a4ce7ace94cbfdfa8efcbe5a6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
etag
W/a0a99209a37fee2e35ff2cb54ef87e97
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
duMTEf0PUHDJ0zejBQdney2cQxL8VvxlEGiOqV0B5lvKjOj5-_p3hg==
NeverBounce.js
cdn.neverbounce.com/widget/dist/
96 KB
29 KB
Script
General
Full URL
https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-78.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 03:31:55 GMT
content-encoding
gzip
via
1.1 badff53d2116a4b3d32a2dd1eb918a48.cloudfront.net (CloudFront)
last-modified
Mon, 02 Mar 2020 18:37:33 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P1
age
81642
etag
W/"c1e06621030dfcba15b88abbcaa546eb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
DevSJIDJMhYC60D3oTmbHR8h8-0dshnjeKd7tSz6kJLA1M7EdTRpsw==
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
server
cloudflare
age
65872
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
85b4a9ffd8136a77-TXL
expires
Mon, 26 Feb 2024 02:32:36 GMT
site-script.js
cdn.metadata.io/
8 KB
3 KB
Script
General
Full URL
https://cdn.metadata.io/site-script.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:6400:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
28cf2b2374a7fe727fa05e23727151034a93103de21eda97e5b4513a26b83c70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
e9wd.JyoULXOHxdC.9vYgxW4MW6htgs8
content-encoding
gzip
via
1.1 bc8243121fd94c5b2714caac07caccde.cloudfront.net (CloudFront)
date
Sun, 25 Feb 2024 20:09:39 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MUC50-P3
age
21778
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 23 Feb 2024 20:08:14 GMT
server
AmazonS3
etag
W/"e303f06e90dc677f8231784bed11b647"
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
akFXWrFBrapBAY7ekEeFnPFckNwM6I68CTR8NvPLjGB6VPMw1mHqTA==
pixel.js
www.redditstatic.com/ads/
28 KB
9 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Feb 2024 20:38:48 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8702
site-insights.js
cdn.metadata.io/
3 KB
2 KB
Script
General
Full URL
https://cdn.metadata.io/site-insights.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:6400:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8cede167f8e0eb1a742b600847e11c36e71ca6f8a2392c2474f31387b0cd5f4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
oLwy90dZVO5VbL0SwmxJ7JP9D8GQ9nog
content-encoding
gzip
via
1.1 bc8243121fd94c5b2714caac07caccde.cloudfront.net (CloudFront)
date
Mon, 26 Feb 2024 01:43:34 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
MUC50-P3
age
1745
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 05 Feb 2024 15:29:59 GMT
server
AmazonS3
etag
W/"802c81b5c2aebbed9aa94f55cd523a61"
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
F3ehOqR_rtnUkutARa4uMq-IyKc2Mo4IufhvJcslQsfryEtMOffexA==
429191348
google.com/pagead/form-data/
0
0
Ping
General
Full URL
https://google.com/pagead/form-data/429191348?em=tv.1&gtm=45He42l0v9171248136za220&gcd=13l3l3l3l0&dma_cps=sypham&dma=1&npa=0&auid=369099684.1708913556
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

429191348
google.com/ccm/form-data/
0
176 B
Ping
General
Full URL
https://google.com/ccm/form-data/429191348?em=tv.1&gtm=45He42l0v9171248136za220&gcd=13l3l3l3l0&dma_cps=sypham&dma=1&npa=0&auid=369099684.1708913556
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXRTDGW4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.huntress.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/
43 B
422 B
Image
General
Full URL
https://q.quora.com/_/ad/83f2d51fb0164c438fbdaa8c29ed2e5e/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.58.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-58-74.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Mon, 26 Feb 2024 02:12:37 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Server
nginx
Connection
keep-alive
Content-Length
43
X-Q-Stat
,b27f8311604b600a620b8db230f44920,10.0.0.52,40550,193.32.248.208,,211309668011,1,1708913557.066,0.003,,.,0,0,0.000,0.000,-,0,0,203,136,68,10,34729,,,,,,-,
Content-Type
image/gif
6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2
assets.website-files.com/6579dd0b5f9a54376d296915/
19 KB
19 KB
Font
General
Full URL
https://assets.website-files.com/6579dd0b5f9a54376d296915/6579dd0b5f9a54376d29694d_roboto-regular-webfont.woff2
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/6579dd0b5f9a54376d296915/css/huntress-new.062b0308b.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:9a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7f62ee80b8c824f30ad6c278146632d25b7e159e0a9cd91a356068eb9340061c

Request headers

Referer
https://assets-global.website-files.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 28 Dec 2023 20:23:09 GMT
x-amz-version-id
1upZc36cdk27x7Arg8l9thaL3L34ome5
via
1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
age
5118568
x-amz-cf-pop
MUC50-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
19348
last-modified
Wed, 13 Dec 2023 16:34:20 GMT
server
AmazonS3
etag
"a0118c6d18835732ae0eb880babc7598"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
XV8PxRRSVX8m2WntqEEnGux3AB3hMwqu7C0sKHoF14oc7BQy-yZNYw==
19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js
huntresscdn.com/
111 KB
112 KB
Script
General
Full URL
https://huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
cf-cache-status
HIT
last-modified
Mon, 26 Feb 2024 01:23:11 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2965
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gyDvW0ReNI0jwrziWNBQtTsqFfABpkvQCqndTzLwMvH9V%2FXHxHfQXSuJN0caLZ1Bo3VgjZn0Uz4v1q3S727pF4sY5QGyulWpEGga0uNxO3Kllo%2B%2B%2F22r6IDXQxfQO8rYKBLFGBJz9%2FFAutjndA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
max-age=14400, maxage=14400
accept-ranges
bytes
cf-ray
85b4aa027b692bac-FRA
content-length
113865
3911692.js
js.hs-analytics.net/analytics/1708913400000/
68 KB
22 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1708913400000/3911692.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4fba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e18e0de698cf23fd92548a1fe0ad6b67b30b46a456f519f55a7536b0aa49ad5a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
RHJ4C1QG79HNE7Q6
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
e5b1d2cb-ae49-498c-a244-94390f2a4488
x-envoy-upstream-service-time
18
x-amz-id-2
IcdOsfVLZHkavGynd1rLAmFnQqEMs6uDb3YLSthVLil7nlQp+COccW9Jela6S5D61gUHsw8IQbc=
x-evy-trace-listener
listener_https
x-request-id
e5b1d2cb-ae49-498c-a244-94390f2a4488
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 05 Jan 2024 02:41:43 GMT
server
cloudflare
etag
W/"a7468601998ca948c93644fdf153e70b"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-rk9w9
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
85b4aa027902451c-TXL
expires
Mon, 26 Feb 2024 02:17:36 GMT
web-interactives-embed.js
js.hubspot.com/
83 KB
25 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee9f2f620122112ded1f6498ba96d1c797429ab7c07806f689ed5d7142c15973
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.huntress.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.911/bundles/project.js&cfRay=85983ede9e3bbfab-WAW
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"0e31e7204888ce69b5f5486b7f3c8806"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.911/bundles/project.js
date
Mon, 26 Feb 2024 02:12:37 GMT
x-amz-version-id
6TFkQJ5lE2FVj1l7Z_pBZDXw00jHreli
via
1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
7aaad1fb-8960-4d28-8795-dc14e7e838f5
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
x-evy-trace-route-configuration
listener_https/all
x-request-id
7aaad1fb-8960-4d28-8795-dc14e7e838f5
last-modified
Thu, 22 Feb 2024 11:41:13 UTC
server
cloudflare
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-748b697-nww6r
cf-ray
85b4aa027c5458f0-TXL
leadflows.js
js.hsleadflows.net/
551 KB
88 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:7a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0eb564e8b104002217b23d191c384d64d77b30fa37b0f124db645e16096cfd3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.huntress.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
age
69924
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1313/bundle/main/lead-flows-release.js&cfRay=85870a2e8e90c005-WAW
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"2a6dc24f5ac6c8a7eefaadde95ff2129"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1313/bundle/main/lead-flows-release.js
date
Mon, 26 Feb 2024 02:12:36 GMT
x-amz-version-id
ukHk26vS_rf4a6X6Ik2.9R2qKIwOxT4G
via
1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
2a5ed17b-eb9d-4ec1-9f6e-fe7bc9044a51
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
11
x-evy-trace-route-configuration
listener_https/all
x-request-id
2a5ed17b-eb9d-4ec1-9f6e-fe7bc9044a51
last-modified
Tue, 06 Feb 2024 10:46:39 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-748b697-thgcp
cf-ray
85b4aa027901451c-TXL
3911692.js
js.hs-banner.com/
61 KB
17 KB
Script
General
Full URL
https://js.hs-banner.com/3911692.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b3f4331825536e7bfea2547e2bd1b906dfaeb46a4d0ee5c43961f90fdbfbea7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
x-amz-version-id
qkHXkrATG0VKhsj2st9bJqf9v4vlL2TZ
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
3VK893T2XMJQ574D
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
d36ce4eb-ac26-4b84-8fb8-13d6be4d3145
x-envoy-upstream-service-time
24
x-evy-trace-listener
listener_https
x-request-id
d36ce4eb-ac26-4b84-8fb8-13d6be4d3145
x-evy-trace-route-configuration
listener_https/all
last-modified
Tue, 06 Feb 2024 15:04:16 GMT
server
cloudflare
etag
W/"02c69287440d36910a3fdd02cbd9c348"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.huntress.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-hgmm2
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
85b4aa02af2158f6-TXL
expires
Mon, 26 Feb 2024 02:17:37 GMT
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e7a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3016b5a6867e08a88976d0c9f47f100face0f7f3986c8bfd7ca8b0a4284dc488
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
x-amz-version-id
L1x7maYxyx00jK89bAcQJVuiTKuatqHg
via
1.1 7c77abdf1c625c25627fe2a24e660a34.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
cf3fa4f2-2517-4b05-a6e2-763690263223
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.529/bundles/pixels-release.js&cfRay=85a1f0cd187c349e-WAW
x-cache
Hit from cloudfront
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
age
1
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
cf3fa4f2-2517-4b05-a6e2-763690263223
last-modified
Fri, 23 Feb 2024 19:30:20 UTC
server
cloudflare
etag
W/"8f23788d9c52482ca2aa21e87645f7f9"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-576f9d768-r7fvm
cf-ray
85b4aa02df4caca4-TXL
x-hs-target-asset
adsscriptloaderstatic/static-1.529/bundles/pixels-release.js
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3911692.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44dbbb0a1da3d1a2b3f637ba2eff82150de83164b3caf824fc0fc46633588de3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.huntress.com/
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.468/bundles/project.js&cfRay=858e347b9893357b-WAW
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"0892458d49ed5681928e6be69131caa7"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
collected-forms-embed-js/static-1.468/bundles/project.js
date
Mon, 26 Feb 2024 02:12:37 GMT
x-amz-version-id
VTCx5Wpr_CjwKFe_1K6ShUsHQL37oHcJ
via
1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
7955c8a0-06fd-4c54-927d-d8c35019fbcf
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-request-id
7955c8a0-06fd-4c54-927d-d8c35019fbcf
last-modified
Wed, 21 Feb 2024 09:36:07 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-748b697-h9dw7
cf-ray
85b4aa02e8a14522-TXL
adsct
t.co/1/i/
43 B
378 B
Image
General
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=39e69ea7-36e6-452f-a0a1-31450ca974a0&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=450aedf7-00bb-46d1-9a5e-1c205016d4a3&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.29
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-response-time
178
date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
42c2efe83b582dc4
cache-control
no-cache, no-store, max-age=0
perf
7469935968
x-connection-hash
133f10dcf30be872a68df24c94a4d53dc2dd3c62614209f7c7accd4924e0a1c8
content-length
43
adsct
analytics.twitter.com/1/i/
43 B
727 B
Image
General
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=39e69ea7-36e6-452f-a0a1-31450ca974a0&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=450aedf7-00bb-46d1-9a5e-1c205016d4a3&tw_document_href=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&tw_iframe_status=0&txn_id=odo68&type=javascript&version=2.3.29
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-response-time
168
date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
cd30617d4ee381ef
cache-control
no-cache, no-store, max-age=0
perf
7469935968
x-connection-hash
c2c992e94146f5518b63d6567bff27a86e18e6c6514b5f242f853680eb6edefe
content-length
43
collect
region1.analytics.google.com/g/
0
246 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-GCTMBVFESS&gtm=45je42l0v9122196611z89171248136za220&_p=1708913555479&_gaz=1&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1019477950.1708913557&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708913556&sct=1&seg=0&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&dt=SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26%20CVE-2024-1708)&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1642
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.huntress.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
246 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GCTMBVFESS&cid=1019477950.1708913557&gtm=45je42l0v9122196611z89171248136za220&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GCTMBVFESS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.huntress.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GCTMBVFESS&cid=1019477950.1708913557&gtm=45je42l0v9122196611z89171248136za220&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0&z=730588226
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
purify.es.min.js
cdn.jsdelivr.net/npm/dompurify@2/dist/
24 KB
10 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/dompurify@2/dist/purify.es.min.js
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90a0e97d1921888bd5956eec1702603d06bca1b4ddf24f65eb9bbc998394b9fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://www.huntress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
8354
x-jsd-version
2.4.7
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230112-FRA, cache-lga21926-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"5fa2-qoF//wBYOoGgsVIKgm2Fqv6nGd8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
85b4aa007b5258f0-TXL
anchor
www.google.com/recaptcha/api2/ Frame 37EE
47 KB
30 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
701c6a58963ec3317ec3a50810267d99fcaa2d74e342cb7db4aec8aa4250b8af
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-K_hDnVlSjy743c-bf4oYDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.huntress.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-K_hDnVlSjy743c-bf4oYDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 26 Feb 2024 02:12:36 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
187059084.js
bat.bing.com/p/action/
4 KB
2 KB
Script
General
Full URL
https://bat.bing.com/p/action/187059084.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cf8edbedfd479fe7cc642e3a1db515dd1103f2d7864f0db5cae6144fbde44ea4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Mon, 26 Feb 2024 02:12:35 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 32CDE468DB4948E0B8609A815DF04A6A Ref B: CPH30EDGE0916 Ref C: 2024-02-26T02:12:36Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
0
bat.bing.com/action/
0
287 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=187059084&tm=gtm002&Ver=2&mid=8007eaad-2898-4821-a3e3-3c16601640af&sid=8266e6b0d44c11ee85e43fe964dc82c9&vid=8266ef30d44c11eebbe879d8895fb987&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26%20CVE-2024-1708)&p=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&r=&lt=1661&pt=1708913554880,,,,,0,19,19,19,157,64,157,248,292,249,1646,1649,1661,,,&pn=0,0&evt=pageLoad&sv=1&rn=998371
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 26 Feb 2024 02:12:35 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0D47BA14504548A3ACA3DFA5CD62BCD4 Ref B: CPH30EDGE0916 Ref C: 2024-02-26T02:12:36Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules.3ba69200791f16077ba8.js
script.hotjar.com/
228 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.3ba69200791f16077ba8.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-87.muc50.r.cloudfront.net
Software
/
Resource Hash
c60a1c9a37989557aed8884899ddec28096d9624f4b43c602f9b335ae1db25cf
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 11:39:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 5951b29f5460c0b6d21eb11bce7b8168.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
311611
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56245
last-modified
Thu, 22 Feb 2024 11:38:42 GMT
etag
"35c74e10d354e1166c41fd72674e0488"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
sa.css
tags.srv.stackadapt.com/
65 B
203 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.63.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-63-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
8ad6a3979dc76675876a1647b475039421198c8e59323bf0b38ea68ebcad7e67

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 26 Feb 2024 02:12:36 GMT
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
65
content-type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
2 KB
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.63.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-63-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 26 Feb 2024 02:12:36 GMT
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
content-type
image/jpeg
sa.jpeg
tags.srv.stackadapt.com/
0
2 KB
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.63.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-63-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 26 Feb 2024 02:12:36 GMT
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
content-type
image/jpeg
403957864408442
connect.facebook.net/signals/config/
62 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/403957864408442?v=2.9.147&r=stable&domain=www.huntress.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f007:8:face:b00c:0:1 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5172e93284d4516ea2e8fea2469a9b23556d92360b344cb50985c91db3cdbb12
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 26 Feb 2024 02:12:36 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
FwogoeyGoc6jd52YiXoHzjfoLHcp06GeaOO0K6duCerIFhac2juKR+vUguGE1oXxVEu59Gq3MLlC7jeJyATUbw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
gif.gif
ibc-flow.techtarget.com/a/
43 B
446 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1708913556564&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
17715818
Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
via
1.1 google
x-guploader-uploadid
ABPtcPpEHtV4VpdAgGaGcnVpL1y9cGoJeYR2dYefWmIgzx-0Ov-X4rXOl58jrjhDmpp_swEh4L-67yAsUg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Mon, 26 Feb 2024 03:12:37 GMT
6si.min.js
j.6sc.co/
64 KB
18 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/e666a54d-ff29-48f9-9baa-2be6ac05412e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Feb 2024 19:00:41 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"65d799d9-101dd"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
17693
expires
Mon, 26 Feb 2024 02:12:36 GMT
notify
api.neverbounce.com/v4/poe/
62 B
282 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_872427
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.24.93.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-24-93-87.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b2d605a3cd3d5bdc5329c552ad9d3d9e14cfa388e94fdaeba33de126837f794f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge
notify
api.neverbounce.com/v4/poe/
63 B
282 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_0e95e4405380cdd75d8aa57fca3692dc&event=form.load&callback=__neverbounce_743233
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.24.93.87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-24-93-87.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9ab4f4f2d68860f4280c8b04d86795c1750db14c12a7229fc841a26a74365e39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17715818&r=1708913556564&ref=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.huntress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 26 Feb 2024 02:12:36 GMT
expires
Mon, 26 Feb 2024 02:12:36 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ABPtcPripZt_JuIekb18BJPNJXDzj3MuIa0_TU_1amTqK0RkdGrM9CSiMWlSIevfkThogyEvox00yuo1Bw
187059084
www.clarity.ms/tag/uet/
829 B
1 KB
Script
General
Full URL
https://www.clarity.ms/tag/uet/187059084
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/187059084.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c4164a3d0784395509dfaf5f9e5b476b3f5c9a878e74178e27a00ec929203447

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

expires
-1
date
Mon, 26 Feb 2024 02:12:37 GMT
x-azure-ref
20240226T021237Z-ebswu8rc2d1tzaeyrgpczq5d2800000003x0000000007efr
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
829
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=403957864408442&ev=PageView&dl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&rl=&if=false&ts=1708913556880&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4126&fbp=fb.1.1708913556879.1145744010&cs_est=true&ler=empty&cdl=API_unavailable&it=1708913556562&coo=false&exp=e1&rqm=GET
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f107:83:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 26 Feb 2024 02:12:37 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
saq_pxl
tags.srv.stackadapt.com/
138 B
333 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&t=SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26%20CVE-2024-1708)&tip=FbvefSwHUfUlak0tGe0QrsKKYr-3Xh7YaYCNr56TYVk&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=%270-b5787396-29e7-5c6d-6917-46ebd9fc5b94%27&sa_conv_data_image_value=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&sa-user-id-v3=s%253AAQAKIAvrl3lTQBG6hJHuk-_O8y5Wd-6cMm2JeaFsw14To1uvEHwYBCCU5--uBjABOgRUSQl9QgQmFONs.LDBzVciG90dSnRcvu3FsoJHXCQB5ORWLe0sUDeetPzA&sa-user-id-v2=s%253AtXhzlinnXG1pF0br2fxblMEg-NA.W%252BASp4k0siayOAymf5IfLY2bsC%252FKbaMh2Yk94QGe7DQ&sa-user-id=s%253A0-b5787396-29e7-5c6d-6917-46ebd9fc5b94.U4GK2S2GIpazHutRRPfXrqHObz%252F0Bp4CSK1B25l%252B6gY
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.63.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-63-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin
https://www.huntress.com
date
Mon, 26 Feb 2024 02:12:36 GMT
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
138
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
saq_pxl
tags.srv.stackadapt.com/
138 B
333 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=yZKscIIzalsoNin7qAYxQw&is_js=true&landing_url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&t=SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26%20CVE-2024-1708)&tip=FbvefSwHUfUlak0tGe0QrsKKYr-3Xh7YaYCNr56TYVk&host=https%3A%2F%2Fwww.huntress.com&sa_conv_data_css_value=&sa_conv_data_image_value=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&sa-user-id-v3=s%253AAQAKIAvrl3lTQBG6hJHuk-_O8y5Wd-6cMm2JeaFsw14To1uvEHwYBCCU5--uBjABOgRUSQl9QgQmFONs.LDBzVciG90dSnRcvu3FsoJHXCQB5ORWLe0sUDeetPzA&sa-user-id-v2=s%253AtXhzlinnXG1pF0br2fxblMEg-NA.W%252BASp4k0siayOAymf5IfLY2bsC%252FKbaMh2Yk94QGe7DQ&sa-user-id=s%253A0-b5787396-29e7-5c6d-6917-46ebd9fc5b94.U4GK2S2GIpazHutRRPfXrqHObz%252F0Bp4CSK1B25l%252B6gY
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.28.63.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-63-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
fc573eaf0e39d6b2429951f78b744dde5acb4cbee85a9b903aea0210072d9b48

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin
https://www.huntress.com
date
Mon, 26 Feb 2024 02:12:36 GMT
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
138
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
t2_12z44i_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_12z44i_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1708913556901&id=t2_12z44i&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=a586f120-7429-4081-ad33-98bf164098eb&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
traffic
api-gw.metadata.io/ Frame
0
0
Preflight
General
Full URL
https://api-gw.metadata.io/traffic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.201.163.72 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-201-163-72.us-west-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.huntress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
content-type
application/json
date
Mon, 26 Feb 2024 02:12:37 GMT
x-amz-apigw-id
TuL_ZHXCvHcEdww=
x-amzn-requestid
7f7a1a3c-40a1-4c73-9827-7acb29c9261a
traffic
api-gw.metadata.io/
0
0
Fetch
General
Full URL
https://api-gw.metadata.io/traffic
Requested by
Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.201.163.72 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-201-163-72.us-west-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
x-amzn-remapped-content-length
0
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
5ccc98de-1f97-4e34-b25e-b5646e486cab
access-control-max-age
1728000
access-control-allow-methods
OPTIONS,POST
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
content-length
0
x-amzn-remapped-date
Mon, 26 Feb 2024 02:12:37 GMT
x-amz-apigw-id
TuL_bEiUvHcEemA=
cs
a.usbrowserspeed.com/
0
0
Fetch
General
Full URL
https://a.usbrowserspeed.com/cs?pid=5de38576d91fe7ac65e01de48078379caf9e72e979b06a5762372b0c12e930ef&puid=lt2b0blcdkwyassvees
Requested by
Host: cdn.metadata.io
URL: https://cdn.metadata.io/site-insights.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.167.166.227 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-166-227.us-west-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
server
awselb/2.0
styles__ltr.css
www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/ Frame 37EE
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:54:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15492
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 05:01:55 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 24 Feb 2025 21:54:25 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/ Frame 37EE
494 KB
197 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d858a3e24fc094b6683f21b0c4c57db4d91a65618c8ebdf8054c7d6142b89bfd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 12:54:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47886
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
201516
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 05:01:55 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 24 Feb 2025 12:54:31 GMT
tp2
webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
151.227.159.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.huntress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
GET, POST, HEAD, OPTIONS
access-control-allow-origin
https://www.huntress.com
content-length
0
content-type
application/json
date
Mon, 26 Feb 2024 02:12:37 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
tp2
webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/
53 B
325 B
XHR
General
Full URL
https://webhooks.fivetran.com/snowplow/ec8653cd-0011-4e95-956d-5d58fd8cd16e/com.snowplowanalytics.snowplow/tp2
Requested by
Host: huntresscdn.com
URL: https://huntresscdn.com/19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
151.227.159.34.bc.googleusercontent.com
Software
/
Resource Hash
4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
access-control-allow-methods
GET, POST, HEAD, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.huntress.com
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
53
/
c.6sc.co/
7 B
194 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.huntress.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
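The preflight and cross-origin responses recorded above (ibc-flow.techtarget.com, api-gw.metadata.io, webhooks.fivetran.com, c.6sc.co) answer CORS in three different ways: a wildcard origin with no credentials, a wildcard origin paired with access-control-allow-credentials: true, and an echoed origin with access-control-allow-credentials: true. The Python script below is an added example, not part of the urlscan.io output or of any of these vendors' code; it applies the Fetch standard's CORS checks in simplified form to header values copied from those records. The requests' credentials modes and the x-custom header are assumptions, since the scan does not record the fetch() credentials setting. One caveat: the scan only shows responses to the origin https://www.huntress.com, so whether a server echoes arbitrary origins cannot be inferred from it.

```python
"""CORS evaluation of the preflight/XHR records in this scan (added example,
not vendor code). Header values are copied from the transactions above;
credentials modes and the x-custom header are assumptions."""
from dataclasses import dataclass

ORIGIN = "https://www.huntress.com"


@dataclass
class CorsRequest:
    origin: str
    method: str
    headers: tuple = ()         # non-safelisted request headers, e.g. ("ibc_rate_tier",)
    credentials: bool = False   # True == fetch credentials mode "include"


def _split(value):
    """Comma-separated header list -> lowercase tokens."""
    return [t.strip().lower() for t in (value or "").split(",") if t.strip()]


def cors_allowed(req, resp):
    """Return (allowed, reason) for a response dict keyed by lowercase header name.
    Rules (simplified from the Fetch standard):
      - ACAO must equal the origin, or be "*" on a non-credentialed request;
      - credentialed requests also need Access-Control-Allow-Credentials: true;
      - the method must be listed, unless it is GET/HEAD/POST or "*" is listed
        on a non-credentialed request;
      - every request header must be listed, or covered by "*" on a
        non-credentialed request ("authorization" is never covered by "*")."""
    acao = resp.get("access-control-allow-origin", "")
    if acao != req.origin and not (acao == "*" and not req.credentials):
        return False, f"origin not allowed by ACAO={acao!r}"
    if req.credentials and resp.get("access-control-allow-credentials", "").lower() != "true":
        return False, "credentialed request without Access-Control-Allow-Credentials: true"
    methods = _split(resp.get("access-control-allow-methods"))
    m = req.method.lower()
    if m not in ("get", "head", "post") and m not in methods \
            and not ("*" in methods and not req.credentials):
        return False, f"method {req.method} not in {methods}"
    allowed = _split(resp.get("access-control-allow-headers"))
    wildcard = "*" in allowed and not req.credentials
    for h in req.headers:
        if h.lower() in allowed or (wildcard and h.lower() != "authorization"):
            continue
        return False, f"header {h} not in {allowed}"
    return True, "ok"


# Response headers as shown in the scan records above (names lowercased).
TECHTARGET_PREFLIGHT = {
    "access-control-allow-origin": "*",
    "access-control-allow-methods": "GET, POST, OPTIONS",
    "access-control-allow-headers": "ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range",
}
METADATA_PREFLIGHT = {
    "access-control-allow-origin": "*",
    "access-control-allow-methods": "OPTIONS,POST",
    "access-control-allow-headers": "Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token",
}
METADATA_ACTUAL = {
    "access-control-allow-origin": "*",
    "access-control-allow-credentials": "true",
    "access-control-allow-methods": "OPTIONS,POST",
    "access-control-allow-headers": "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization",
}
FIVETRAN_PREFLIGHT = {
    "access-control-allow-origin": ORIGIN,
    "access-control-allow-credentials": "true",
    "access-control-allow-methods": "GET, POST, HEAD, OPTIONS",
    "access-control-allow-headers": "Content-Type",
}
SIXSENSE_ACTUAL = {  # c.6sc.co
    "access-control-allow-origin": ORIGIN,
    "access-control-allow-credentials": "true",
    "access-control-allow-methods": "GET,POST",
    "access-control-allow-headers": "*",
}


def evaluate_scan_records():
    """Recorded preflights plus two what-if variants; returns name -> (allowed, reason)."""
    cases = {
        # recorded: Access-Control-Request-Headers: ibc_rate_tier, method GET
        "techtarget preflight": (CorsRequest(ORIGIN, "GET", ("ibc_rate_tier",)), TECHTARGET_PREFLIGHT),
        # recorded: Access-Control-Request-Headers: content-type, method POST
        "metadata preflight": (CorsRequest(ORIGIN, "POST", ("content-type",)), METADATA_PREFLIGHT),
        # what-if (assumption): same POST with credentials "include";
        # ACAO "*" beside ACAC "true" is rejected, so that pairing is inert
        "metadata actual, credentialed": (CorsRequest(ORIGIN, "POST", ("content-type",), True), METADATA_ACTUAL),
        # recorded headers; credentials mode assumed "include" (the response is shaped for it)
        "fivetran preflight, credentialed": (CorsRequest(ORIGIN, "POST", ("content-type",), True), FIVETRAN_PREFLIGHT),
        # what-if (assumption): a custom header on a credentialed request;
        # "*" in Allow-Headers is a literal, not a wildcard, once credentials are included
        "6sc custom header, credentialed": (CorsRequest(ORIGIN, "POST", ("x-custom",), True), SIXSENSE_ACTUAL),
    }
    return {name: cors_allowed(req, resp) for name, (req, resp) in cases.items()}


if __name__ == "__main__":
    for name, (ok, why) in evaluate_scan_records().items():
        print(f"{'ALLOW' if ok else 'BLOCK':5} {name}: {why}")
```

The two blocked cases are the ones worth remembering when reading scan output like this: access-control-allow-origin: * next to access-control-allow-credentials: true (api-gw.metadata.io) never grants a credentialed read, and an allow-headers value of * (c.6sc.co) stops acting as a wildcard as soon as the request carries credentials. Neither is a vulnerability in itself; they only tell you which request shapes the endpoint actually serves cross-origin.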
/
ipv6.6sc.co/
20 B
314 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2baa Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
eca911cde383d98bf0ebfaeae9ffcbf9a217014053c43f8a4206d325f4988a5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.huntress.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a03:1b20:b:f011::1e
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1708913557175_389360550_2420568436_25_1300_116_234_219";dur=1
content-length
20
expires
Mon, 26 Feb 2024 02:12:37 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-p...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-p...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-...
0
266 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&cookiesTest=true&e_ipv6=AQJLcFJ8uUXf0AAAAY3jL3-FlVyB0uFgiataIsyTfTvII8xequoJ0uKovxDYOwX2CqTmf1mY
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 2477F74E7598438BAAAF7ADCA1E21A95 Ref B: CPH30EDGE0812 Ref C: 2024-02-26T02:12:37Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYSP3GNxNpKWsVqxcpFDQ==

Redirect headers

date
Mon, 26 Feb 2024 02:12:36 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 5BD867BEF9864DB59BF5D04A7CA29306 Ref B: CPH30EDGE0915 Ref C: 2024-02-26T02:12:37Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3281745&time=1708913556991&li_adsId=b4785178-9db3-4d0a-be35-9cf807bdd5fd&url=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&cookiesTest=true&e_ipv6=AQJLcFJ8uUXf0AAAAY3jL3-FlVyB0uFgiataIsyTfTvII8xequoJ0uKovxDYOwX2CqTmf1mY
x-li-proto
http/2
content-length
0
x-li-uuid
AAYSP3GKBgqmpakFk/XPYQ==
/
px.ads.linkedin.com/wa/
0
701 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 26 Feb 2024 02:12:36 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 500D94675B17437081FD1EF9EDDD1A17 Ref B: CPH30EDGE0915 Ref C: 2024-02-26T02:12:37Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
access-control-allow-origin
https://www.huntress.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYSP3GGRMDsy4TWgzu/8g==
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
404 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=3911692&currentUrl=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
629de5c42a56b67812a858341eb4162b85218eed884271ca47b0388498dc8916
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4ed09704-43ce-45ca-aaf4-816a60d71bfb
content-encoding
br
x-envoy-upstream-service-time
12
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4ed09704-43ce-45ca-aaf4-816a60d71bfb
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.huntress.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFZHXulcChW2zMpMRzxks5Eh0PdB4Ncln%2FUWgWEeDEAQkTlC%2FKbzm%2BdUwC7vGTudKDWkUIxFgeEKq2yYFqQpAPqOoTes%2BoqFMfz0WeAaLUlMAG54JgEqrDAvj3cNSonGa5X0QWsBsEIPiJKHBq1BUlE%2B82M%2Fu3FpVI0%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
85b4aa038cde58f0-TXL
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-z8vxw
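The transactions above are printed as flat name/value line pairs with a SHA-256 "Resource Hash" per response. The following Python is an added example, not part of the urlscan.io report, that parses two of those listings (the LinkedIn `/wa/` XHR and the HubSpot `combinedConfigs` fetch, copied from this page) and runs the checks a reviewer would apply to each third-party response: whether the hash is the SHA-256 of zero bytes (the `e3b0c442…` value that recurs in the listing), whether that agrees with any `content-length`, whether HSTS and `nosniff` are set, and whether the credentialed CORS grant is scoped to a single origin with `Vary: Origin`. The function names and the header blocks embedded as strings are this example's own constructs.

```python
import hashlib
import re

# SHA-256 of zero bytes. urlscan prints this as the "Resource Hash" of any
# response with an empty body, e.g. the tracking-pixel XHRs on this page.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Constructed from the page's flattened listing: each header name sits on one
# line and its value on the next. Two of the transactions shown above.
LINKEDIN_WA = """\
date
Mon, 26 Feb 2024 02:12:36 GMT
x-li-pop
afd-prod-ltx1-x
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
access-control-allow-origin
https://www.huntress.com
x-li-proto
http/2
access-control-allow-credentials
true
"""

HUBSPOT_COMBINED = """\
date
Mon, 26 Feb 2024 02:12:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
br
vary
origin
access-control-allow-origin
https://www.huntress.com
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
"""


def parse_flat_headers(block: str) -> dict:
    """Turn urlscan's name/value line pairs into a dict keyed by lowercase name."""
    lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of lines: a header name has no value")
    return {lines[i].lower(): lines[i + 1] for i in range(0, len(lines), 2)}


def review(headers: dict, resource_hash: str) -> dict:
    """Apply the per-response checks a reviewer wants on third-party traffic."""
    acao = headers.get("access-control-allow-origin")
    credentialed = headers.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in headers.get("vary", "").split(",") if v.strip()}
    m = re.search(r"max-age=(\d+)", headers.get("strict-transport-security", ""))
    hsts_max_age = int(m.group(1)) if m else 0
    empty_body = resource_hash.lower() == EMPTY_SHA256
    content_length = headers.get("content-length")
    return {
        # Empty body according to the hash, and agreement with content-length.
        "empty_body": empty_body,
        "length_hash_consistent": content_length is None or ((content_length == "0") == empty_body),
        # Transport and content-type hardening.
        "hsts_one_year": hsts_max_age >= 31536000,
        "nosniff": headers.get("x-content-type-options", "").lower() == "nosniff",
        # Credentialed CORS must name one origin; a wildcard with credentials is
        # rejected by browsers, and an origin-specific ACAO without Vary: Origin
        # lets a shared cache hand one origin's grant to another.
        "cors_credentialed": acao is not None and acao != "*" and credentialed,
        "cors_wildcard_with_credentials": acao == "*" and credentialed,
        "cors_missing_vary_origin": acao not in (None, "*") and "origin" not in vary,
    }


if __name__ == "__main__":
    # Hashes copied from the two transactions on this page.
    for name, block, digest in (
        ("px.ads.linkedin.com/wa/", LINKEDIN_WA,
         "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
        ("cta-service-cms2.hubspot.com combinedConfigs", HUBSPOT_COMBINED,
         "629de5c42a56b67812a858341eb4162b85218eed884271ca47b0388498dc8916"),
    ):
        print(name, review(parse_flat_headers(block), digest))
```

Run as-is and the LinkedIn XHR is reported as a zero-byte response with no HSTS or `nosniff`, while the HubSpot fetch carries a real body, a one-year preloaded HSTS policy and `nosniff`; both scope their credentialed CORS grant to `https://www.huntress.com` and vary on `Origin`.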
json
forms.hscollectedforms.net/collected-forms/v1/config/
115 B
411 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=3911692&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d1a73039-2368-4381-9aa1-c0a46f821875
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d1a73039-2368-4381-9aa1-c0a46f821875
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.huntress.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-576f9d768-xvt9q
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
85b4aa0409de4522-TXL
8dfdc0b7-4fa3-4134-830e-ded623d9308e
https://www.huntress.com/
43 B
0
Image
General
Full URL
blob:https://www.huntress.com/8dfdc0b7-4fa3-4134-830e-ded623d9308e
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
1 KB
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Mon, 26 Feb 2024 02:12:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
3a350dfb-19bd-4978-9530-5e9b07e25e06
x-envoy-upstream-service-time
4
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
3a350dfb-19bd-4978-9530-5e9b07e25e06
Last-Modified
Mon, 26 Feb 2024 02:12:37 GMT
Server
cloudflare
X-Trace
2BFF3FB69EF9612CAC03F2B35B93585742EA5ED9B8000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-9285z
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
85b4aa04a886aca4-TXL
truncated
/ Frame 37EE
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 37EE
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 37EE
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:38:03 GMT
x-content-type-options
nosniff
age
412474
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Wed, 28 Feb 2024 07:38:03 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 37EE
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:46:35 GMT
x-content-type-options
nosniff
age
411962
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2025 07:46:35 GMT
YNxvpUI_pv4_zU5Ebw8L1bORgKToF_ub42F5gJowWfw.js
www.google.com/js/bg/ Frame 37EE
17 KB
7 KB
Script
General
Full URL
https://www.google.com/js/bg/YNxvpUI_pv4_zU5Ebw8L1bORgKToF_ub42F5gJowWfw.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60dc6fa5423fa6fe3fcd4e446f0f0bd5b39180a4e817fb9be36179809a3059fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:40:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
412350
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6955
x-xss-protection
0
last-modified
Mon, 12 Feb 2024 13:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Feb 2025 07:40:07 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 37EE
102 B
135 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9a78a8a63fbc8fb312b448c65256801eada8ae34f9d2032d1314705cab3299bb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC&co=aHR0cHM6Ly93d3cuaHVudHJlc3MuY29tOjQ0Mw..&hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&size=normal&cb=woov1w6c2ca3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 26 Feb 2024 02:12:37 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
1015 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=4
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Mon, 26 Feb 2024 02:12:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
7b003c6c-491e-47cb-8f17-340d520dde01
x-envoy-upstream-service-time
4
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
7b003c6c-491e-47cb-8f17-340d520dde01
Server
cloudflare
X-Trace
2BD9340A387E38DF5E7C78EC96FC3633EC0F35B4B1000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-pd6kl
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
85b4aa052cfd450a-TXL
view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.huntress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.huntress.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
85b4aa055b714516-TXL
content-length
0
content-type
application/octet-stream
date
Mon, 26 Feb 2024 02:12:37 GMT
server
cloudflare
timing-allow-origin
*
vary
origin
x-envoy-upstream-service-time
1
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-hgmm2
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
df8d001e-e450-4ce0-a382-6bdeee9e6cb3
x-request-id
df8d001e-e450-4ce0-a382-6bdeee9e6cb3
view
js.hs-banner.com/cookie-banner-public/v1/activity/
0
173 B
XHR
General
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8b8069a7-c0fe-4bd3-91ce-fa22ab1c670f
x-envoy-upstream-service-time
20
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8b8069a7-c0fe-4bd3-91ce-fa22ab1c670f
server
cloudflare
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.huntress.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary
origin
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-rk9w9
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
85b4aa074c954516-TXL
clarity.js
www.clarity.ms/s/0.7.20/
60 KB
25 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.20/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/187059084
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
br
last-modified
Wed, 24 Jan 2024 14:33:55 GMT
etag
W/"0x8DC1CE97EB406F9"
vary
Accept-Encoding
x-azure-ref
20240226T021237Z-ebswu8rc2d1tzaeyrgpczq5d2800000003x0000000007efv
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
053da0a1-301e-002f-15d4-652310000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
bframe
www.google.com/recaptcha/api2/ Frame 5714
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6c1aca2970c972b98f5d71cbe48a0d6d59d986907cde139772422511aa3aa67f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-eb6Y67LfNxykEFw2C2Ac4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.huntress.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-eb6Y67LfNxykEFw2C2Ac4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 26 Feb 2024 02:12:37 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/ Frame 5714
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:54:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15492
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 05:01:55 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 24 Feb 2025 21:54:25 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/ Frame 5714
494 KB
197 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=1kRDYC3bfA-o6-tsWzIBvp7k&k=6LchEywUAAAAAAdAXlscEm7Kcb3DJ38pngRCQJsC
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d858a3e24fc094b6683f21b0c4c57db4d91a65618c8ebdf8054c7d6142b89bfd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 12:54:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47886
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
201516
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 05:01:55 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 24 Feb 2025 12:54:31 GMT
collect
v.clarity.ms/
0
296 B
XHR
General
Full URL
https://v.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.189.135 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.huntress.com
Date
Mon, 26 Feb 2024 02:12:38 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
getuidj
secure.adnxs.com/
11 B
702 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
an-x-request-uuid
e7cddac1-cbbe-48a5-9857-edc979a747aa
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.huntress.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
193.32.248.208; 193.32.248.208; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
7 B
194 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.huntress.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
20 B
312 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2baa Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
eca911cde383d98bf0ebfaeae9ffcbf9a217014053c43f8a4206d325f4988a5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.huntress.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a03:1b20:b:f011::1e
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1708913557811_389360550_2420568593_22_1059_116_0_219";dur=1
content-length
20
expires
Mon, 26 Feb 2024 02:12:37 GMT
core
rc-widget-frame.js.driftt.com/ Frame 1B1C
2 KB
1 KB
Document
General
Full URL
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1708913700000/5d3cypit2iz8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
14e6206b0b854f8eb373b1ccfbac42efdb97e1034de1355abb4ee81aa0672ec2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.huntress.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html
date
Mon, 26 Feb 2024 02:12:38 GMT
etag
W/"6a5cea74d414ec151635bd2880abb1c3"
last-modified
Mon, 21 Aug 2023 14:57:03 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-id
b_GmGS_d9eSYahdvL0qV9Nh5ht77qFDjKn6sGnXzHHKiYaUvF5DB9Q==
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-amz-version-id
hIxJdEPbt_45OV8bTT9Ad1M7VE.ABA8G
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
16
zi-tag.js
js.zi-scripts.com/
8 KB
3 KB
Script
General
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.huntress.com
URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
x-amz-version-id
lFoq_FZJwJ3rDVe9.7kNMZjc5YKK6r5L
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Mon, 11 Dec 2023 12:17:02 GMT
server
cloudflare
via
1.1 a6d85ea59bcdf706b41bccb78ec2f8f2.cloudfront.net (CloudFront)
x-amz-cf-pop
MIA3-P7
etag
W/"15c02cdee0df6c26ba3d8c62d912c66c"
age
53870
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cf-ray
85b4aa081a9358ea-TXL
x-amz-cf-id
iesBSzeY72RS3Y-MaGQIHxtqfpYN-gFNM1Plh9EfpK_a2fxFIljgHQ==
blockedDomains.json
hubspotonwebflow.com/assets/js/
98 KB
23 KB
Fetch
General
Full URL
https://hubspotonwebflow.com/assets/js/blockedDomains.json
Requested by
Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-123.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
944352d0198c673b45a699471c970aef85458ea3c58a3ed825b0f0e4f33f999c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::j6mj9-1708913557735-8edbbe9be950
age
174004
x-matched-path
/assets/js/blockedDomains.json
etag
W/"04708d47dd194d37b8231a65de7a66f1"
x-vercel-cache
HIT
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="blockedDomains.json"
blockList
hubspotonwebflow.com/api/forms/
47 B
328 B
Fetch
General
Full URL
https://hubspotonwebflow.com/api/forms/blockList?id=92048dff-ffdc-421f-9344-58c3ff0002d9
Requested by
Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-123.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::iad1::8kt4b-1708913557736-e3b1700e2cf3
age
0
x-matched-path
/api/forms/blockList
x-vercel-cache
MISS
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
x-vercel-execution-region
iad1
cache-control
public, max-age=0, must-revalidate
access-control-allow-headers
Content-Type, Authorization
blockList
hubspotonwebflow.com/api/forms/
47 B
138 B
Fetch
General
Full URL
https://hubspotonwebflow.com/api/forms/blockList?id=c32ae9e7-4a4b-4436-a6e4-0de41bd8df62
Requested by
Host: hubspotonwebflow.com
URL: https://hubspotonwebflow.com/assets/js/form-123.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
b9b4f19dee3d4910ab6fb4ea6e8a3126cfd5386c0bec674b65461a5192dba995
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::iad1::g62nq-1708913557736-6e16b739bf69
age
0
x-matched-path
/api/forms/blockList
x-vercel-cache
MISS
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
x-vercel-execution-region
iad1
cache-control
public, max-age=0, must-revalidate
access-control-allow-headers
Content-Type, Authorization
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1638682131&v=1.1&a=3911692&rcu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&t=SlashAndGrab%3A+ScreenConnect+Post-Exploitation+in+the+Wild+(CVE-2024-1709+%26+CVE-2024-1708)&cts=1708913557724&vi=5461e01dd95f3d047cd3c01a2360ae4e&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
0add0cef-e4b8-4424-b099-f4a6170049d8
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
8
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0add0cef-e4b8-4424-b099-f4a6170049d8
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQadNZ6ML7L4TZzOpELYQ1vkYKQMJ0GLRtm2u4BP56UfCv74BYQC4Tjp3aAjr0ms24a5EGAOqZru9dDdWQBDNmg%2FvRigtCu3VNnRhiTVdsKfaj%2BNcBYVsb60KYylk6x9ZVES9e4LR47eP634U7s7"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-bslj5
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
85b4aa080b42266d-TXL
x-robots-tag
none
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=C2B146F6338848BAB601A61E0EC6DF2A&RedC=c.clarity.ms&MXFR=19CBBC8B85A86A31367DA8BA81A8641E
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C2B146F6338848BAB601A61E0EC6DF2A&MUID=0C1A49778B4D6A0026B25D468A266BAC
42 B
442 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C2B146F6338848BAB601A61E0EC6DF2A&MUID=0C1A49778B4D6A0026B25D468A266BAC
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
last-modified
Fri, 09 Feb 2024 19:55:32 GMT
server
Microsoft-IIS/10.0
etag
"2155d7f0915bda1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Mon, 26 Feb 2024 02:12:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B44AF34CC89D46BA958BA79F7A8C8BB0 Ref B: CPH30EDGE0916 Ref C: 2024-02-26T02:12:37Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C2B146F6338848BAB601A61E0EC6DF2A&MUID=0C1A49778B4D6A0026B25D468A266BAC
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=dace4490-5a0d-4db6-889f-e0ee4207e8d4&session=d6798b60-2ee7-483b-88b9-2c18bc7895ae&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Adversaries%20have%20been%20VERY%20busy%20in%20the%20wake%20of%20the%20ScreenConnect%20vulnerabilities%20(CVE-2024-1709%20%26%20CVE-2024-1708).%20Here%E2%80%99s%20all%20the%20post-exploitation%20details%2C%20tradecraft%2C%20and%20tactics%20we%E2%80%99ve%20observed%20so%20far!%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26amp%3B%20CVE-2024-1708)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pageViewId=f310738a-07ab-46c1-84d4-e0bd2d168330&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=dace4490-5a0d-4db6-889f-e0ee4207e8d4&session=d6798b60-2ee7-483b-88b9-2c18bc7895ae&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22a87a3edc53b5a86d1795d11887b5aa39%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c081b6bcc07a45b013b81ff3441b82387640805c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228769192b-20ba-4df2-8d62-2740a805c3e8%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Adversaries%20have%20been%20VERY%20busy%20in%20the%20wake%20of%20the%20ScreenConnect%20vulnerabilities%20(CVE-2024-1709%20%26%20CVE-2024-1708).%20Here%E2%80%99s%20all%20the%20post-exploitation%20details%2C%20tradecraft%2C%20and%20tactics%20we%E2%80%99ve%20observed%20so%20far!%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26amp%3B%20CVE-2024-1708)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pageViewId=f310738a-07ab-46c1-84d4-e0bd2d168330&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=dace4490-5a0d-4db6-889f-e0ee4207e8d4&session=d6798b60-2ee7-483b-88b9-2c18bc7895ae&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3Ab%3Af011%3A%3A1e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Adversaries%20have%20been%20VERY%20busy%20in%20the%20wake%20of%20the%20ScreenConnect%20vulnerabilities%20(CVE-2024-1709%20%26%20CVE-2024-1708).%20Here%E2%80%99s%20all%20the%20post-exploitation%20details%2C%20tradecraft%2C%20and%20tactics%20we%E2%80%99ve%20observed%20so%20far!%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26amp%3B%20CVE-2024-1708)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pageViewId=f310738a-07ab-46c1-84d4-e0bd2d168330&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
getSubscriptions
js.zi-scripts.com/unified/v1/master/
150 B
428 B
Fetch
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c2041ad0b35da95bcd443cf0c31a1bc1117cab1b86e82f6556265da9b2c46cb9

Request headers

visited_url
https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer 5880e3e5891679926699
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
via
1.1 5463c8daa4ccc5752a42a4b281a8fb10.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
x-amz-cf-pop
BAH53-C1
x-powered-by
Express
etag
W/"96-wcI4AhRM7vLqW00tOOhe7XRXr8w"
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cf-ray
85b4aa0f6afd2675-TXL
x-amz-cf-id
kxlGCH1gqNVVcfhintaFlqSRXHNqc5m9o9Wum983nOU0C5bpOkViJg==
apigw-requestid
TuL_ui9WvHcESpg=
getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame
0
0
Preflight
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.huntress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
access-control-max-age
0
apigw-requestid
TuL_mge3PHcEMew=
cf-cache-status
DYNAMIC
cf-ray
85b4aa09480f2675-TXL
date
Mon, 26 Feb 2024 02:12:38 GMT
server
cloudflare
vary
Access-Control-Request-Headers
via
1.1 5064313e440a4fd329eb4dda0aa4fb12.cloudfront.net (CloudFront)
x-amz-cf-id
YJsNLlb49tgbDg77fvOByijim8jq-sBeDvM0Ws_6z7Qv-4rYdusPJQ==
x-amz-cf-pop
BAH53-C1
x-cache
Miss from cloudfront
x-powered-by
Express
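The third-party responses captured above combine access-control-allow-origin, access-control-allow-credentials and access-control-allow-headers in several different ways, and browsers treat those combinations very differently: a wildcard origin is never honoured for a credentialed response, and a wildcard in allow-headers becomes a literal header name once credentials are allowed. The Python below is an added example for auditing such header blocks; it is not part of the urlscan.io report or of any of these vendors' code. The four sample blocks are transcribed from the Drift widget-frame document, the c.6sc.co XHR, the b.6sc.co beacon and the js.zi-scripts.com preflight responses shown on this page, and the finding texts are this editor's reading of the Fetch standard's rules, not anything the scan itself states.

```python
"""Audit CORS and caching headers from the responses captured in this scan.

Added example, not part of the urlscan.io report or of any vendor's code.
SAMPLES are transcribed from the response-header blocks on this page; the
rules encode browser behaviour per the Fetch standard.
"""
from __future__ import annotations

from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str]  # (short code, explanation)


def parse_headers(block: str) -> Dict[str, str]:
    """Parse 'name: value' lines into a dict keyed by lower-cased name.

    A header with nothing after the colon (the b.6sc.co beacon's empty
    access-control-allow-origin) is kept as '' so the audit can tell
    'present but empty' from 'absent'.
    """
    headers: Dict[str, str] = {}
    for line in block.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def _tokens(value: str) -> Set[str]:
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def audit_cors(headers: Dict[str, str]) -> List[Finding]:
    """Return findings for one response's CORS/caching header combination."""
    findings: List[Finding] = []
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return findings  # no CORS grant at all; nothing to judge

    credentials = headers.get("access-control-allow-credentials", "").lower() == "true"
    vary = _tokens(headers.get("vary", ""))
    cache = _tokens(headers.get("cache-control", ""))
    allow_headers = _tokens(headers.get("access-control-allow-headers", ""))

    if acao == "*" and credentials:
        findings.append(("wildcard-origin-with-credentials",
                         "ACAO '*' with credentials=true: browsers refuse to expose a "
                         "credentialed response to a wildcard origin, so the grant is dead."))
    elif acao == "":
        findings.append(("empty-origin",
                         "ACAO present but empty: any cross-origin read fails the CORS "
                         "check (harmless for a plain <img> beacon)."))
    elif acao != "*" and "origin" not in vary and not ({"no-store", "private"} & cache):
        findings.append(("no-vary-origin",
                         f"origin-specific ACAO ({acao}) without 'Vary: Origin' on a response "
                         "that does not forbid shared caching; a cache could replay it to another origin."))

    if credentials and "*" in allow_headers:
        findings.append(("wildcard-allow-headers-with-credentials",
                         "Access-Control-Allow-Headers '*' is a literal, not a wildcard, once "
                         "credentials are allowed; non-safelisted request headers fail preflight."))
    return findings


# Constructed samples: header lines transcribed from this scan's responses.
SAMPLES: Dict[str, str] = {
    "drift_core": """
        access-control-allow-credentials: true
        access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
        access-control-allow-methods: GET, POST, OPTIONS
        access-control-allow-origin: *
        cache-control: no-cache
    """,
    "6sc_cors_endpoint": """
        access-control-max-age: 86400
        access-control-allow-methods: GET,POST
        access-control-allow-origin: https://www.huntress.com
        access-control-allow-credentials: true
        access-control-allow-headers: *
    """,
    "6sc_beacon": """
        access-control-allow-origin:
        cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
        access-control-allow-credentials: true
        access-control-allow-headers: *
    """,
    "zi_preflight": """
        access-control-allow-headers: *
        access-control-allow-methods: *
        access-control-allow-origin: *
        access-control-max-age: 0
    """,
}


def audit_samples() -> Dict[str, List[str]]:
    """Run the audit over SAMPLES and return the finding codes per response."""
    return {name: [code for code, _ in audit_cors(parse_headers(block))]
            for name, block in SAMPLES.items()}


if __name__ == "__main__":
    for name, block in SAMPLES.items():
        print(name)
        for code, why in audit_cors(parse_headers(block)) or [("ok", "no findings")]:
            print(f"  [{code}] {why}")
```

The ZoomInfo preflight is the clean case: all three wildcards are valid because no credentials are allowed. The Drift frame's `*` plus `credentials: true` is a no-op grant, and the 6sense endpoints show the opposite mistake, a credentialed grant whose `allow-headers: *` no longer acts as a wildcard.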
runtime~main.23dacaf3.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
6 KB
3 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7573e5629fdd86c1b9715e81fd55e01c7cf7febbfc3562f5acbb757c0d4cce64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Origin
https://rc-widget-frame.js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-amz-version-id
pIvWjpmnkFEOPFn4Wb5jKsJCJYLlBZpR
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
19
last-modified
Mon, 21 Aug 2023 14:57:27 GMT
server
istio-envoy
etag
W/"7bebf8444c728503329344c5817cc4e6"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
cfytGBt1cpCzKp4fcTDSDo71gG3KQepDe6_4Zd-L1rU5OoB5HvE-2Q==
9.4a3e9801.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
35 KB
13 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/9.4a3e9801.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Origin
https://rc-widget-frame.js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-amz-version-id
1cFauEtn__q5IgdcRU1AtZA4JQmDTnyz
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
23
last-modified
Thu, 22 Feb 2024 22:37:16 GMT
server
istio-envoy
etag
W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
roGl-5qQOepRyX-NP4B5IVrgDBWbv7oyQIasAMNfVrmT_ys6DFAEXw==
main~493df0b3.91dc5a14.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
7 KB
3 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/main~493df0b3.91dc5a14.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
1ce5bbfddabe83a619dffbd897ac79e94ca961f04cf463583a421a22f5329938
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Origin
https://rc-widget-frame.js.driftt.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-amz-version-id
aQ8O6UMWsN.2o5G5k1LSH1svCMcNLzIM
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
20
last-modified
Mon, 21 Aug 2023 14:57:27 GMT
server
istio-envoy
etag
W/"c11c9776fa434757756e10e6ded61c75"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
PkKS9nwj4tyBoRgikP0xOU_sejsKBYXFxfiN6FwaQ7ZnMA8R4JnofQ==
collect
v.clarity.ms/
0
296 B
XHR
General
Full URL
https://v.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.189.135, Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.huntress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.huntress.com
Date
Mon, 26 Feb 2024 02:12:38 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=dace4490-5a0d-4db6-889f-e0ee4207e8d4&session=d6798b60-2ee7-483b-88b9-2c18bc7895ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A36%20GMT%22%2C%22timeSpent%22%3A%222539%22%2C%22totalTimeSpent%22%3A%222539%22%7D&isIframe=false&m=%7B%22description%22%3A%22Adversaries%20have%20been%20VERY%20busy%20in%20the%20wake%20of%20the%20ScreenConnect%20vulnerabilities%20(CVE-2024-1709%20%26%20CVE-2024-1708).%20Here%E2%80%99s%20all%20the%20post-exploitation%20details%2C%20tradecraft%2C%20and%20tactics%20we%E2%80%99ve%20observed%20so%20far!%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26amp%3B%20CVE-2024-1708)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pageViewId=f310738a-07ab-46c1-84d4-e0bd2d168330&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
51.558be3c5.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
23 KB
8 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
9BsddNz5pFV1oSvA5e.5cKfrQNLzQUBc
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 22 Feb 2024 22:37:15 GMT
server
istio-envoy
etag
W/"fa281fcbe4b2e35558d60fae3e316367"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
cm8-NJRDMy74DtaIuMvi5gaCCc7lA-kFEYbtTOB_o2OzDFS1wF7njg==
33.ae4de0a0.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
36 KB
10 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
PUG2tPuHbg6UXU15H37d6Lifu.5b8Act
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
15
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"db0cd5b66c52523e10b87a0c8a2db182"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
tGdFa_-7OiwAEZgANfiXw7ARD9DgzwldfZjLGrtXmca1vAtEDKXWhg==
22.6b9a301a.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
32 KB
11 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/22.6b9a301a.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
JgORkQCMnPwk_ThSQN_L5KNVS4iQJOh3
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
26
last-modified
Thu, 22 Feb 2024 22:37:14 GMT
server
istio-envoy
etag
W/"d8739a9fe9a3a42936f5cd86c8727494"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ydTIMNDEtf97LYskB2syviwh9mBl3KwtPaJ6hxTz4Fz-hFhdvxDRXg==
19.6f85b843.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
17 KB
6 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/19.6f85b843.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
QnahuzkLHArxi8e8qQoaRJqH.MKuQ7cl
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
19
last-modified
Thu, 22 Feb 2024 22:37:14 GMT
server
istio-envoy
etag
W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
pZ5w52RTmQEtwh97ddQd2ArJQM18Rj4EWcXx82ZFPzo4QqLI8fq1oQ==
41.b4fc4de2.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
25 KB
8 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:38 GMT
x-amz-version-id
KifaB_.AavLrg8l_zwhBnxmLIz6Z9QIZ
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
16
last-modified
Thu, 22 Feb 2024 22:37:15 GMT
server
istio-envoy
etag
W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wz1jhLiNxvqAJGTAW2kZsfWOWP2oOgJ1CggMGGB6ER2HwJrRlpFR9A==
20.8c21ea18.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
74 KB
23 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/20.8c21ea18.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
wK4a7E_O1njKQagc8jOkC9wRWulYOk_X
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
21
last-modified
Thu, 22 Feb 2024 22:37:14 GMT
server
istio-envoy
etag
W/"6d77a76055d81227033363af2f18caf8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
LNK1JQZIRdTRU9KSn1Q6F1tfS073BY3JY9AG0Y17e1OtLwKnzedxOg==
27.3951aad8.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
66 KB
20 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/27.3951aad8.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
PLRwkxTy0W_1o8rwzVQG6XR9UyxAvjNh
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
14
last-modified
Sat, 02 Sep 2023 21:37:07 GMT
server
istio-envoy
etag
W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
LUEPPNKEDl00dktSyFeXYs1q4nL5TDj8uA8_Gw0f7_TfY9P_NthAyQ==
14.e24a6190.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
91 KB
28 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/14.e24a6190.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
PBvdUrCv29d2sSpGXCjleb8Wc9_qQiCP
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
32
last-modified
Thu, 22 Feb 2024 22:37:14 GMT
server
istio-envoy
etag
W/"16d7ae86e21434a32157d3226ac9bb77"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yHlJ44Qo9_P33LYeshNJlpw9KVIIjAy-f0_QB0tGlZcmwie6etwvRg==
11.639238ba.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
23 KB
7 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/11.639238ba.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
gulU3E2K9U5uVvJjNMJbXK8usUj.jDVv
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
15
last-modified
Thu, 22 Feb 2024 22:37:13 GMT
server
istio-envoy
etag
W/"4049f38c00add1738dc4806148ff8829"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
f2MeAOJgfAnaHM0ozNAx9JgvxMNXqathimsLinKfV5zoDw7sW7f-QQ==
18.9c1bd1fb.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
62 KB
20 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
GyRbXIxt3P9HFTaOoA7hKzH9wOFdcBPj
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
18
last-modified
Thu, 22 Feb 2024 22:37:14 GMT
server
istio-envoy
etag
W/"02f09379c544befa413d22eb57ed41de"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ZnV9M4iGcTBMvV1NOUhqhS_U8L13eDG8j_C2YLauY8bgxUS8sWHXjA==
49.f7274268.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
105 KB
34 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/49.f7274268.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
e9FeDVNOynVw.kbVHBmbgonNPMtB.9wl
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
22
last-modified
Thu, 22 Feb 2024 22:37:15 GMT
server
istio-envoy
etag
W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
M27vZ2cYl9bS5CI3fmlEOOyO9N_YLHp5i_wtavcK4C1iToJ6hbRGwg==
40.31ef8dbf.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
12 KB
4 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
itaRN2k9jWA933Qs2y_moKEaAq5Ij4Fv
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
21
last-modified
Thu, 22 Feb 2024 22:37:15 GMT
server
istio-envoy
etag
W/"b0793fa46e8c0ae1846b7be8a833da35"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
SIuMN9TiXFanabI8oZbJL7U7lvbwM2Qvcp3N6I4-I2dhYtfxFAlJuQ==
29.31d09948.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
13 KB
6 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/29.31d09948.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
S9Un8XlpWgrQDm2gXLMx8izq7rvR0PP5
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
31
last-modified
Thu, 22 Feb 2024 22:37:15 GMT
server
istio-envoy
etag
W/"455157cb49065fb85fed54901ddaeb0e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
u_Sh03qEPOB_HSNrYPy3j5pZPJjr9FAeLrDJGDgA0LdPeBcRoVqJNA==
21.b8c41db9.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
17 KB
7 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/21.b8c41db9.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
m1BiP.ZxclXTQ4DAB9aQ2fezuGw5fNhV
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 22 Feb 2024 22:37:14 GMT
server
istio-envoy
etag
W/"65e5c965272e021ae33ff8bc39565ef5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
VpkKIeqDaQxaQ9EeOyRjl9R4NemeXwxjGNRClf38WUrFxccGVN_g4g==
8.98b34517.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
31 KB
5 KB
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/8.98b34517.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
794dc30b5582c5b0c4a06c2e0776f6527a84c91d5f7abb9384e7588d0ab3a910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
iNKtCZtb69S5Xg2ti_W3KaKTIlBxoqLp
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
19
last-modified
Mon, 21 Aug 2023 14:57:23 GMT
server
istio-envoy
etag
W/"82429fd1682dcb60e14996ad58a35a4f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
vXB_UVl0JIXbG8VDymMHb9_SVAxiqOUp5GmmXQZjGMEDO7Y7xriv7Q==
8.5fdda827.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
81 KB
25 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/8.5fdda827.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e523f47c65c171a685ca8f1bb0c0c432f4d71104fa56e8f6163126ec908cc430
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
s5Gs7OuwDj2F26kpSyydH_032jxZE3YX
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
33
last-modified
Mon, 21 Aug 2023 14:57:26 GMT
server
istio-envoy
etag
W/"f78079aaffe016efb8ec35b9fbb9f42f"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
Lqn2IIgOcoZlNP9kJHo9qciEg8e7YXdbm7fRbJVSu4JdhZDVVz2I3A==
16.22abfce0.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
24 B
697 B
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/16.22abfce0.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
6CfZ4kDlOh1lJZnbLTpaZ6OeRjJDslMO
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
14
content-length
24
last-modified
Thu, 22 Feb 2024 22:37:11 GMT
server
istio-envoy
etag
"0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
fzU4-xioL3YJ9SY2JO4FHRBffQcyVAv-qBqvJzFfzfWBhlTzV1DH6A==
16.890a0911.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
91 KB
24 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/16.890a0911.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
860c659e8836feb6a6b4fc4c9b7195e4ab0a04e4642473c0780ae554fbf6ffb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
2cJi_0AtsucvWstmkbj3mO1t8SiuDMru
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
24
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"52b055a08e59141b8f7b7947c7d7ab69"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
5ljoARTZAGW35zoCfa5bBqnNmjU5GtE95cR2Cap_7JAAlvoytLC81w==
24.24e43c3b.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
50 KB
14 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/24.24e43c3b.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
eb6ce397310855bbef74043afcdda989653ad7b7b385191e8c8d622eee74b367
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
J3Ynz_VL_Xe.kEj4VqPxsio5dIqXBI10
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
14
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"390d4b78f4c738295b7974aca941d031"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wkVfMl6xuRwLm3iEcChjxuCMI4EIWllWbjCllpwLmSzrupKWp7-u5w==
17.413337a8.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
40 KB
13 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/17.413337a8.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
10b977a814bd9ca3e018a07b6e1197c9a9fa89a27a2419158d22f41ab8a29508
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
Ud1ylpzTdwt3qfnkRXUYob2T_ovQMI1N
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
21
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"4aea30e551ee7f04a564c0408c291306"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
qRG5o0jxF0Va41NBIguDkW_guK3soXjh3Vki5jPT6AgevQMsMwAP2w==
0.0b2ebd4a.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
9 KB
3 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
JU7T6b6r92PXBBYWzIR5rNP.N8k4D1fu
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
17
last-modified
Thu, 22 Feb 2024 22:37:13 GMT
server
istio-envoy
etag
W/"c5efcdc9e465604f32cf24af10fd6c13"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
oqccYTTJqZIyCSI3rVjFyoSgW4TSyYVXC_PaPrAou3pEE8tECgMfHw==
4.07aa08a5.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
7 KB
2 KB
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/4.07aa08a5.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
wzblrhR8VgaZ91O5gq0aMSI2PU89S5cp
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
16
last-modified
Mon, 21 Aug 2023 14:57:23 GMT
server
istio-envoy
etag
W/"189aeffd571884559dababa22c66d75a"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
9l1q6HH1M1PBxdj5uB9KcnHyy3Gmf4-RzurZWhO7CvA9EpHySJcX9w==
4.36582b8b.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
54 KB
15 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/4.36582b8b.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
6a6a06c6f8fb209f9e92af2bb5ed0c0d0e767211a1a92e631e1d0ce056488387
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
aXK3nhxEmGQGmcWeEUpmTanxIifnp1mO
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
16
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"eb4f4fdfa625f5036ae2538950af438e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
fc4erllYXYN8so9pnwDre-Mo2Qrx93-j3zFxov2pILk-OZUgiGRG_Q==
34.4924e4bf.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
27 KB
8 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/34.4924e4bf.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
15736c00b563c558ec1e7d531c0d8bd7d8cc24c2026adbc2dcf0ccd3e48f7d65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
T7ywXmlgZ2pn_NjEp3YMDrKgM16OYgwy
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
17
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"2a9499a40949c70c9c00081b06639cb0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
FE7MQxWV0yfkpuFUMELiaaC14gcOkz8aR6XbEcrpe0YiQZ-yrwvirA==
1.12ba17b6.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
44 KB
7 KB
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/1.12ba17b6.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
6M4DeWqag7cRcBctpRyYGFQRsJ58FjNj
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
16
last-modified
Thu, 22 Feb 2024 22:37:11 GMT
server
istio-envoy
etag
W/"3b8ba82e1bac13ee29e9764a55620d99"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
rIcG8GE2BpNR4dh--WIM6Y6czNu010DAMK43JfjVbXPxtMRdyoIfFw==
1.9d9c8c3b.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
54 KB
17 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/1.9d9c8c3b.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5e4e01da0230734413d39e4657ac95b4ccf45092ff61a162aa1f4d111a166735
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
TN5uaySIype7BWdOQeU5pFJLqRV.3qiK
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
19
last-modified
Mon, 21 Aug 2023 14:57:24 GMT
server
istio-envoy
etag
W/"bc8dde7d353b792cb424661adcff29fb"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ShVNlr38Ma-Cc8tgbEGog48MWYWwP1FlNTjjnzigXzk-sAFr6z1lcw==
3.bbe0e1fa.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
24 KB
10 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/3.bbe0e1fa.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
ba3035c1cbfbd4ebb878f85acde3d846c6e9e90081de78ddcaf3126b4e8823b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
pHxDHN0IINa0RNuxMPvQ8pBn4Eg1GWSc
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
28
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"b394f9cf6fe473cdb6852b332234aa52"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
DbQguv5dhA-_kxs-120xN5kclTNlJYtulPMlQI9DyxiEtUt3OdnwMQ==
26.5208cc6b.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
11 KB
3 KB
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/26.5208cc6b.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
0591af742c10a8ad2020502cccbf97cb4fc1cfc48acaf588043d70e77b2c3aaf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
SrCjVsE3413g5wEL9F8CX8IFIQaqzFVz
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
23
last-modified
Mon, 21 Aug 2023 14:57:23 GMT
server
istio-envoy
etag
W/"0842e637a23acc114afbb6195c984564"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ca-XtqD-tcPDjRuJqbNjKhFG5F7EeyVAjpFOkTVgdWhcfntk0lxl-A==
26.69219246.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
16 KB
6 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/26.69219246.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d674a115404e8d29a650437584421bd9d7ec57c4d43fe3e0a09adc080d521c44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
xHgUeRJlJNXFuOCOFJ6VHVB_xDcgAWBV
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
18
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"c41c7243f45ea540e99a3256f4942432"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
wELxMxjsuXbKstFkUbLl3AZzWM1NxqmkjyzvsMDA7xIW5cYEkejJDg==
25.7addeee7.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
9 KB
2 KB
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/25.7addeee7.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
a7a9292edd72228ac6b7839b6e29a832ab45515a5c78d548ccd5fd8a2b1942ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
EFJHE_lMh.tvaT0GqPW.1ROLceWNBRoz
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
20
last-modified
Mon, 21 Aug 2023 14:57:23 GMT
server
istio-envoy
etag
W/"b9011653b355d04d18b2ff93e45e1ecd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
_pglc9mrqvW3JxDHnou7oX6bV60PKKgCrKJijqg6w8605jzXByXNVA==
25.915ff314.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
47 KB
15 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/25.915ff314.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e5149bac0cdad7bbd9d1b7badb88909929d324ee90b6dd1628e0c59024d68e7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
qod1m4nnLfUgaMaxljkZuFfY2SywXHfx
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
15
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"12bceaba2da6c30ab2a0aacbde681b0c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
yYqL8erUh-eavHrLq0I1KTZbRNUNpM518KS3UjX8Fv7RWtjhS7tPxw==
28.e29661b2.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
561 B
1 KB
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/28.e29661b2.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
d04196ec92f307c66ad56e3adbd4536e6c504a251299183c2c016de66a65af39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
yOY99EI9PDEu6PYQSPkvCce7eoR8ev5W
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
20
content-length
561
last-modified
Mon, 21 Aug 2023 14:57:23 GMT
server
istio-envoy
etag
"5847d5731c3141aa511411d6c66a193c"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
DwCXd0sgLsKVUBCqR8PmMdinrXgriue-QICKLqtXjxcukIdMQNRwjA==
28.7257241a.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
49 KB
14 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/28.7257241a.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
f4d1dc5e2bebcc6c035e733b5586f308c032e377d490d733835fbc1fb0e5d979
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-amz-version-id
Aw7E9DaiC.0zygWe8D.HQj28dALSaXA6
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
20
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"e737f53b0791dac4c523770b4992131c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
76SkX3o0OV33hj6phn9M7EHxl7w2e7ct2UonAh13qgNudlamJpyhGQ==
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=dace4490-5a0d-4db6-889f-e0ee4207e8d4&session=d6798b60-2ee7-483b-88b9-2c18bc7895ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A38%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223540%22%7D&isIframe=false&m=%7B%22description%22%3A%22Adversaries%20have%20been%20VERY%20busy%20in%20the%20wake%20of%20the%20ScreenConnect%20vulnerabilities%20(CVE-2024-1709%20%26%20CVE-2024-1708).%20Here%E2%80%99s%20all%20the%20post-exploitation%20details%2C%20tradecraft%2C%20and%20tactics%20we%E2%80%99ve%20observed%20so%20far!%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26amp%3B%20CVE-2024-1708)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pageViewId=f310738a-07ab-46c1-84d4-e0bd2d168330&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:39 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
/
ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/
3 KB
2 KB
Fetch
General
Full URL
https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9229cc7a045a77cde7958461fe119be76a757a9bd54426b7d7f32c4595d6112e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

visited-url
https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Referer
https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
_vtok
MTkzLjMyLjI0OC4yMDg=
_zitok
a9fa034788fd278b7a441708913559
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/javascript

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
https://www.huntress.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
85b4aa161ffaaca7-TXL
/
ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/pixel/62f67a71a4cf97008ef6d460/?iszitag=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.huntress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin
https://www.huntress.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85b4aa149d8844f8-TXL
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 26 Feb 2024 02:12:39 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
35.3cdf48ae.chunk.css
rc-widget-frame.js.driftt.com/core/assets/css/ Frame 1B1C
16 KB
3 KB
Stylesheet
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/css/35.3cdf48ae.chunk.css
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
1650436b42349eba90400162f9104f8abd0e8b846cf91d26c907c300dd8d7f85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
x-amz-version-id
V1yopT2bXZUj.CNczvGqS7_vfWAIiP2A
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
25
last-modified
Mon, 21 Aug 2023 14:57:23 GMT
server
istio-envoy
etag
W/"ac16e52f547ce8f3de32d9d7d591c2c0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
BYZYU6qusedjgOwghHU8NtDGK0ZKbV1hX0C6kRi-qIAd52bvAQhn8w==
35.3969a3d7.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
11 KB
5 KB
Script
General
Full URL
https://rc-widget-frame.js.driftt.com/core/assets/js/35.3969a3d7.chunk.js
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/runtime~main.23dacaf3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-93.muc50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
ca38f2df2a3be653605830a05931aeac85fbd1c3fa2e483a334fdc25e3463503
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rc-widget-frame.js.driftt.com/core?d=1&embedId=5d3cypit2iz8&eId=5d3cypit2iz8&region=US&forceShow=false&skipCampaigns=false&sessionId=f5d68ee2-f93c-44af-93e2-6dc4eb5e13c8&sessionStarted=1708913557.713&campaignRefreshToken=6d86fa06-a172-4525-ac67-866ce79a98d3&pageLoadStartTime=1708913555172&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
x-amz-version-id
_L8fRFK5jC3YnnGaFitzP.KBJ4MXVS_2
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 986e79a1f22b8bf29001818ede5df5c8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
19
last-modified
Mon, 21 Aug 2023 14:57:25 GMT
server
istio-envoy
etag
W/"dcd622adceee29d53432ca3f6e9eb777"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
6V-xTiXzXYhBMqyWlyzWJKs83Op-LxK915nfuMQ24PXOUfd-MvDQxg==
v2
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 1B1C
208 B
647 B
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap/ping/v2
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
facf8de270be69de3d2a6fc877d6bbf24baacdeb6f8c5b39a4ac4853bcc096bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://rc-widget-frame.js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
660c1168062cdc50
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
208
v2
customer.api.drift.com/integrations/hubspot/utk/ Frame 1B1C
2 B
64 B
XHR
General
Full URL
https://customer.api.drift.com/integrations/hubspot/utk/v2
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://rc-widget-frame.js.driftt.com/
accept-language
de-DE,de;q=0.9
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
afbef81688c4e9e1
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
108
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
2
v2
customer.api.drift.com/integrations/hubspot/utk/ Frame
0
0
Preflight
General
Full URL
https://customer.api.drift.com/integrations/hubspot/utk/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://rc-widget-frame.js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Mon, 26 Feb 2024 02:12:40 GMT
requestid
drift67c2ee74c32842540cb86d167c2
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
2
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=dace4490-5a0d-4db6-889f-e0ee4207e8d4&session=d6798b60-2ee7-483b-88b9-2c18bc7895ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A39%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224540%22%7D&isIframe=false&m=%7B%22description%22%3A%22Adversaries%20have%20been%20VERY%20busy%20in%20the%20wake%20of%20the%20ScreenConnect%20vulnerabilities%20(CVE-2024-1709%20%26%20CVE-2024-1708).%20Here%E2%80%99s%20all%20the%20post-exploitation%20details%2C%20tradecraft%2C%20and%20tactics%20we%E2%80%99ve%20observed%20so%20far!%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26amp%3B%20CVE-2024-1708)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pageViewId=f310738a-07ab-46c1-84d4-e0bd2d168330&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
v3
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 1B1C
25 B
89 B
XHR
General
Full URL
https://metrics.api.drift.com/monitoring/metrics/widget/init/v3
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://rc-widget-frame.js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
7bab8ebb3d22d1fd
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
11
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
25
widget_bootstrap
bootstrap.api.drift.com/ Frame 1B1C
10 KB
4 KB
XHR
General
Full URL
https://bootstrap.api.drift.com/widget_bootstrap
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
7e285a77b80972099da66db5e72db913e5790df103c86d2d4ec856a36261a2a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://rc-widget-frame.js.driftt.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 26 Feb 2024 02:12:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
istio-envoy
requestid
d397b3a200e3ed57
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
vary
Accept-Encoding
access-control-allow-credentials
true
x-envoy-upstream-service-time
186
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=a87a3edc53b5a86d1795d11887b5aa39&svisitor=null&visitor=dace4490-5a0d-4db6-889f-e0ee4207e8d4&session=d6798b60-2ee7-483b-88b9-2c18bc7895ae&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2002%3A12%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225541%22%7D&isIframe=false&m=%7B%22description%22%3A%22Adversaries%20have%20been%20VERY%20busy%20in%20the%20wake%20of%20the%20ScreenConnect%20vulnerabilities%20(CVE-2024-1709%20%26%20CVE-2024-1708).%20Here%E2%80%99s%20all%20the%20post-exploitation%20details%2C%20tradecraft%2C%20and%20tactics%20we%E2%80%99ve%20observed%20so%20far!%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22SlashAndGrab%3A%20ScreenConnect%20Post-Exploitation%20in%20the%20Wild%20(CVE-2024-1709%20%26amp%3B%20CVE-2024-1708)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fslashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708&pageViewId=f310738a-07ab-46c1-84d4-e0bd2d168330&an_uid=0&webTagId=e666a54d-ff29-48f9-9baa-2be6ac05412e&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.53.42.251 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-53-42-251.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.huntress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 26 Feb 2024 02:12:41 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
track
event.api.drift.com/ Frame 1B1C
707 B
770 B
XHR
General
Full URL
https://event.api.drift.com/track
Requested by
Host: rc-widget-frame.js.driftt.com
URL: https://rc-widget-frame.js.driftt.com/core/assets/js/51.558be3c5.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
b724231af690d7071f70ae273ccde392fa287312565860d4fa7828bbb97958e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://rc-widget-frame.js.driftt.com/
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTEyMDAxNjMwOCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjUwOTI4MDQiLCJleHAiOjE3NDA1MzU5NjEsImlhdCI6MTcwODkxMzU2MX0.DDtm1VjXzgibuNDuJriyC_po17QTGriipWlwhdNCq9379UXhewOJ3GZsqycoikXm5IxQpD2TbvHVuc08CSTAOg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 26 Feb 2024 02:12:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
istio-envoy
requestid
98329849677d393f
access-control-max-age
1209600
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length
707
57.28dde8ce.chunk.js
rc-widget-frame.js.driftt.com/core/assets/js/ Frame 1B1C
0
0

track
event.api.drift.com/ Frame
0
0
Preflight
General
Full URL
https://event.api.drift.com/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-193-113-164.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://rc-widget-frame.js.driftt.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin
*
access-control-expose-headers
X-Results-Total-Count,X-Page-Info
access-control-max-age
1209600
allow
POST,OPTIONS
content-length
13
content-type
text/plain
date
Mon, 26 Feb 2024 02:12:41 GMT
requestid
drift66e317240689e590d96ad2cf446
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
rc-widget-frame.js.driftt.com
URL
https://rc-widget-frame.js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Verdicts & Comments

141 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| dataLayer object| _6si function| drift undefined| driftt function| parcelRequire9fc0 object| regeneratorRuntime object| __SENTRY__ object| ChiliPiper object| google_tag_manager object| google_tag_data string| _linkedin_data_partner_id function| qp string| qpGtm function| twq function| fbq function| _fbq function| saq function| _saq object| zi string| ZIProjectKey function| hj object| _hjSettings object| _NBSettings object| techtargetic function| rdt object| recaptcha function| $ function| jQuery function| tram object| Webflow function| objectFitPolyfill object| GlobalSnowplowNamespace function| snowplow object| accordion object| WebflowTools function| getCookie function| mediumZoom object| qevents object| _hsp object| twttr function| UET function| UET_init function| UET_push function| onYouTubeIframeAPIReady object| gaGlobal object| fsAttributes object| FsAttributes function| Swiper object| closure_lm_757034 object| ueto_a2f635715a object| uetq object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| SENTRY_RELEASE undefined| Raven object| _nb function| __neverbounce_872427 function| __neverbounce_743233 object| 3eiXJRXgVuLsYGH9303q object| _driftFrames object| __post_robot_10_0_46__ string| __DRIFT_ENV__ string| __DRIFT_BUILD_ID__ string| __DRIFT_BRANCH__ boolean| drift_invoked string| res object| saCookies string| current_window_url_param object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels object| Metadata object| globalRoot undefined| hns function| bindToWindowOnError object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive object| _hsq undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday 
undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN function| _typeof object| Snowplow boolean| PIXELS_RAN object| enabledEventSettings function| lintrk boolean| _already_called_lintrk object| ORIBILI object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running object| _paq function| sanitizeKey boolean| _hstc_loaded object| __hsCollectedFormsDebug boolean| _hspb_ran boolean| _hspb_loaded function| clarity object| clarityuetq object| drift_event_listeners string| drift_display_mode string| drift_campaign_refresh number| drift_page_view_started number| drift_session_started string| drift_session_id object| drift_frameFactory boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| zitag object| ziws object| drift_sentry_config

58 Cookies

Domain/Path Name / Value
.huntress.com/ Name: _gcl_au
Value: 1.1.369099684.1708913556
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-b5787396-29e7-5c6d-6917-46ebd9fc5b94.U4GK2S2GIpazHutRRPfXrqHObz%2F0Bp4CSK1B25l%2B6gY
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-b5787396-29e7-5c6d-6917-46ebd9fc5b94.U4GK2S2GIpazHutRRPfXrqHObz%2F0Bp4CSK1B25l%2B6gY
tags.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AtXhzlinnXG1pF0br2fxblMEg-NA.W%2BASp4k0siayOAymf5IfLY2bsC%2FKbaMh2Yk94QGe7DQ
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AtXhzlinnXG1pF0br2fxblMEg-NA.W%2BASp4k0siayOAymf5IfLY2bsC%2FKbaMh2Yk94QGe7DQ
tags.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIAvrl3lTQBG6hJHuk-_O8y5Wd-6cMm2JeaFsw14To1uvEHwYBCCU5--uBjABOgRUSQl9QgQmFONs.LDBzVciG90dSnRcvu3FsoJHXCQB5ORWLe0sUDeetPzA
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIAvrl3lTQBG6hJHuk-_O8y5Wd-6cMm2JeaFsw14To1uvEHwYBCCU5--uBjABOgRUSQl9QgQmFONs.LDBzVciG90dSnRcvu3FsoJHXCQB5ORWLe0sUDeetPzA
.techtarget.com/ Name: __cf_bm
Value: 8fevX5iREPGo2Aveddezp2bUChrIhXPHgoQUh1IDpuo-1708913556-1.0-AY4Mgz/XASiwL1BO31Mrg5yxE9v5X5+pNO79bRU2gUXedx7dtgkqBvwZOtNmcHqtyXdsXia8RxWSFkXPnBddDm4=
.huntress.com/ Name: _ga_GCTMBVFESS
Value: GS1.1.1708913556.1.0.1708913556.60.0.0
.huntress.com/ Name: _ga
Value: GA1.1.1019477950.1708913557
.huntress.com/ Name: _uetsid
Value: 8266e6b0d44c11ee85e43fe964dc82c9
.huntress.com/ Name: _uetvid
Value: 8266ef30d44c11eebbe879d8895fb987
www.huntress.com/ Name: sa-user-id
Value: s%253A0-b5787396-29e7-5c6d-6917-46ebd9fc5b94.U4GK2S2GIpazHutRRPfXrqHObz%252F0Bp4CSK1B25l%252B6gY
www.huntress.com/ Name: sa-user-id-v2
Value: s%253AtXhzlinnXG1pF0br2fxblMEg-NA.W%252BASp4k0siayOAymf5IfLY2bsC%252FKbaMh2Yk94QGe7DQ
www.huntress.com/ Name: sa-user-id-v3
Value: s%253AAQAKIAvrl3lTQBG6hJHuk-_O8y5Wd-6cMm2JeaFsw14To1uvEHwYBCCU5--uBjABOgRUSQl9QgQmFONs.LDBzVciG90dSnRcvu3FsoJHXCQB5ORWLe0sUDeetPzA
.bing.com/ Name: MUID
Value: 0C1A49778B4D6A0026B25D468A266BAC
tracking.g2crowd.com/ Name: _session_id
Value: 87003391f262a4fede9d2202f7bb4a91
.g2crowd.com/ Name: __cf_bm
Value: caSuT4JLyA1TjSLmyvpHwZFIfdcBHbcVxmVAzi7dNdI-1708913556-1.0-ASJ2+nZinUHt6k/wWvwNwqLXFxQiCaAFc9fj8CVWjIyQpnkgbUyzfJaaR3/uHpJkiZaVHC/Q7s/p82JOHErgibM=
.huntress.com/ Name: _fbp
Value: fb.1.1708913556879.1145744010
.huntress.com/ Name: _rdt_uuid
Value: 1708913556900.a586f120-7429-4081-ad33-98bf164098eb
www.huntress.com/ Name: Metadata_visitor_id
Value: lt2b0blcdkwyassvees
www.huntress.com/ Name: Metadata_session_id
Value: lt2b0blcvluj2mcug3b
.huntress.com/ Name: _sp_ses.1564
Value: *
.huntress.com/ Name: _sp_id.1564
Value: 3ef2f0a1-f85f-4f88-a1a0-2805b2ee6c72.1708913557.1.1708913557.1708913557.abae2858-3276-4f77-9eb7-f40e72620787
.huntress.com/ Name: _hjSessionUser_2159185
Value: eyJpZCI6IjA1NjZhNDUzLTg4ZGItNWQ3Ni04ZWMxLTdiMDFhOTk2ZjBlNCIsImNyZWF0ZWQiOjE3MDg5MTM1NTcxNTgsImV4aXN0aW5nIjp0cnVlfQ==
.huntress.com/ Name: _hjSession_2159185
Value: eyJpZCI6ImMyOWMwMGVmLTdlOGUtNGQ3MC05NGUwLTg5OTJjMzE3ZWU1MyIsImMiOjE3MDg5MTM1NTcxNTgsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.t.co/ Name: muc_ads
Value: c2819d2f-85a8-4ff5-a765-afadd43974c5
.twitter.com/ Name: guest_id_marketing
Value: v1%3A170891355704853741
.twitter.com/ Name: guest_id_ads
Value: v1%3A170891355704853741
.twitter.com/ Name: personalization_id
Value: "v1_DTVJKlxSPl/WZw/J241uDA=="
.twitter.com/ Name: guest_id
Value: v1%3A170891355704853741
.linkedin.com/ Name: lidc
Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2952:u=1:x=1:i=1708913557:t=1708999957:v=2:sig=AQFn7dhaT2dZF-ncUPtdMHYGdDVyJsZ3"
.linkedin.com/ Name: li_sugr
Value: a7944d79-6490-4684-8b30-8c01f59fb4ef
.linkedin.com/ Name: bcookie
Value: "v=2&9de203d2-45ed-4cc0-865a-c455bcde0458"
www.clarity.ms/ Name: CLID
Value: c78c26f2882348efb7adb78fa120b36b.20240226.20250225
.huntress.com/ Name: _clck
Value: xspijs%7C2%7Cfjl%7C0%7C1517
.linkedin.com/ Name: li_gc
Value: MTswOzE3MDg5MTM1NTc7MjswMjH8SMJekyixTOnaaVX5F9MHvANjNHP2tbkfXlAEGFDlrw==
.a.usbrowserspeed.com/ Name: tuid
Value: 6ee6c87d-a723-4444-81b2-d43025b9a50b
www.huntress.com/ Name: drift_campaign_refresh
Value: 6d86fa06-a172-4525-ac67-866ce79a98d3
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
www.huntress.com/ Name: _an_uid
Value: 0
www.huntress.com/ Name: _gd_visitor
Value: dace4490-5a0d-4db6-889f-e0ee4207e8d4
www.huntress.com/ Name: _gd_session
Value: d6798b60-2ee7-483b-88b9-2c18bc7895ae
.hubspot.com/ Name: __cf_bm
Value: OUu9HtFF01ffBNwxAWJ4qbK58v_PApYfK2i2nG91Ht8-1708913557-1.0-AYwb8GV3e++rzsdKUqv/D919J+m18cEIwNxs/s6UdBHTdnyF6XFx5DArtLWETkkx3sm8qmWhI3aGeEJoX0/rr1U=
.hubspot.com/ Name: _cfuvid
Value: 0aLcGnwFw7GdUoU.G1EBWNkCEHk3eGMmy4pXuwCMOx4-1708913557889-0.0-604800000
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 0C1A49778B4D6A0026B25D468A266BAC
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 0C1A49778B4D6A0026B25D468A266BAC
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
.6sc.co/ Name: 6suuid
Value: f72a3517ec6a010096f3db65720000004bf7b601
.huntress.com/ Name: _clsk
Value: 11fe58z%7C1708913558141%7C1%7C1%7Cv.clarity.ms%2Fcollect
.www.huntress.com/ Name: _zitok
Value: a9fa034788fd278b7a441708913559
.zoominfo.com/ Name: __cf_bm
Value: 2_U0X_ngBWovzMX3TAhe.jXk..zswuMppYjrnhXeTHc-1708913560-1.0-AdriNhWigkgBzk9H4HBlK6CAmC4k2JKNDNYocjqTGG61PIILyPZ0Ph/5cH0pSwYgsmMn5WoelfEXetkYKeBnEKw=
.zoominfo.com/ Name: _cfuvid
Value: f8rpEXrGdgw1FYF9vP5WLtrtKnLWKI96_17vV_FafTg-1708913560243-0.0-604800000
www.huntress.com/ Name: drift_aid
Value: c8ea76bf-0d77-42d7-986b-3092554e1e03
www.huntress.com/ Name: driftt_aid
Value: c8ea76bf-0d77-42d7-986b-3092554e1e03

82 Console Messages

Source Level URL
Text
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708(Line 648)
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/403957864408442?v=2.9.147&r=stable&domain=www.huntress.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.quora.com
a.usbrowserspeed.com
alb.reddit.com
analytics.twitter.com
api-gw.metadata.io
api.neverbounce.com
assets-global.website-files.com
assets.website-files.com
b.6sc.co
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn.metadata.io
cdn.neverbounce.com
connect.facebook.net
cta-service-cms2.hubspot.com
customer.api.drift.com
d3e54v103j8qbb.cloudfront.net
event.api.drift.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
gist.github.com
github.githubassets.com
google.com
hubspotonwebflow.com
huntresscdn.com
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.na.chilipiper.com
js.zi-scripts.com
metrics.api.drift.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
rc-widget-frame.js.driftt.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
tools.refokus.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
v.clarity.ms
webhooks.fivetran.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.huntress.com
www.redditstatic.com
100.24.93.87
104.244.42.67
104.244.42.69
13.107.42.14
140.82.121.3
146.75.120.157
151.101.193.140
162.159.153.247
172.64.150.44
18.173.154.87
18.66.192.32
18.66.192.78
18.66.192.9
18.66.192.93
185.199.109.154
185.89.210.122
20.114.189.135
2001:4860:4802:34::36
23.53.42.251
2600:9000:20c3:ec00:12:9e5f:cac0:93a1
2600:9000:26da:9a00:11:3b84:d200:93a1
2600:9000:26db:6400:9:d7d4:1380:93a1
2606:4700:20::ac43:44da
2606:4700:4400::6812:2b1f
2606:4700:4400::ac40:973c
2606:4700:4400::ac40:991b
2606:4700::6810:4fba
2606:4700::6810:5614
2606:4700::6810:890f
2606:4700::6810:bf59
2606:4700::6811:589a
2606:4700::6811:e7a3
2606:4700::6812:7a0c
2606:4700::6812:a07d
2606:4700::6812:b07d
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:bdf::60
2620:1ec:c11::200
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2004
2a00:1450:4001:813::2008
2a00:1450:4001:82f::2003
2a00:1450:400c:c00::9c
2a02:26f0:3100::1735:2a3b
2a02:26f0:3100::1735:2baa
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f107:83:face:b00c:0:25de
2a04:4e42:400::396
34.111.208.231
34.111.224.162
34.159.227.151
34.193.113.164
34.249.200.254
35.167.166.227
52.205.58.74
52.28.63.177
54.201.163.72
68.219.88.97
76.76.21.22
76.76.21.93
99.84.90.44